FTR, got it working after changing the sync server coonfiguration. The examples I've seen use "audiences = http://xxx.xx"; and it seems the protocol should not be stated there ? (Nor the path when, like my case, syncserver is behind a proxy under a subpath).
The only thing that I'm aware its not working is the changing of the profile's image. This may have to do with the profile service configuration whose config documentation is ... lacking ? :) -Carlos Carlos G Mendioroz @ 23/08/2017 20:01 -0300 dixit: > Well, seems browserid-verifier is needed. > > Tons of issues there, including StartSSL not being whitelisted as CA for > the time being. > That one I patched by disabling the SSL check for now. > > Then I had an "audience mismatch" problem. Oauth needs "publicUrl" > property (without path) and it has to be identical to browserid.issuer, > but this time without protocol (i.e. only the domain name). > > I also messed up the URIs, replacing all of the related ones with > references to the host and junking the paths. > That would make "sync login" behave as "FXA login" so to say. > > FTR, signin, signup and settings are like: > > "http://<service domain>/<service>?service=sync&context=fx_desktop_v3" > > > Now I get some blocked actions, and a reconnect indication. > I was able to update my display name but I'm unable to update my account > picture. > > TBC. > -Carlos > > > Carlos G Mendioroz @ 21/08/2017 20:33 -0300 dixit: >> Still fighting to get this working. >> >> Installed fxa-oauth-server. With default config it seems to depend on >> a local browserid verifier that I've not installed. >> Also, it seems that accessing the fxa-content-server directly relates to >> the "Firefox Accounts Settings" client id which comes with some >> "example2.domain" imageUri + redirectUri. >> >> And oauth is shouting an invalidAssertion, >> auth.huapi.net.ar is not a browserid primary - non-200 response code to >> /.well-known/browserid >> >> Q1: Do I need browserid verifier ? >> >> Q2: https://auth.huapi.net.ar is proxied to auth (127.1:9000) and >> https://auth.huapi.net.ar/oauth is proxied to oauth (127.1:9010). >> Should I "mark" auth.huapi.net.ar as primary somewhere ? >> >> Q3: Should access to content server work alone ? (i.e. sign-in, settings?) >> >> TIA, >> -Carlos >> > -- Carlos G Mendioroz <[email protected]> LW7 EQI Argentina _______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
