Thanks for the summary Shane. That captures the meeting discussion and actions really well.
Since the meeting, I think Eric Pang and Lesley Norton are both starting to get involved with the project to make Design and UI consistent across a number of our services, including Monitor. So they might be interested in the future of the FxA settings page too? I expect we'll move on some items quickly (FxA oauth prod creds) and others will need more discussion and design (multiple emails). But I'm a big fan of integrating more services with FxA to make a Firefox Account as valuable to all internet users as other major account providers online. -L On Wed, Dec 12, 2018 at 8:23 AM Shane Tomlinson <stomlin...@mozilla.com> wrote: > We were too busy munching on breakfast and I didn't write down notes of > our meeting. Here's a recap of what hasn't slipped out of my dome. > > *Background* > Firefox Monitor is a service that allows users to see if their email > address has been involved in a data breach. Monitor can email breach alerts > whenever the user's address is involved in a new breach, doing so requires > the user to verify their email address using a flow that is very similar to > what FxA does. To remove the redundancy, Monitor is integrating with FxA > (integrate, integrate, integrate!). This was a chat about deepening that > integration. > > *WHO*: Luke Crouch, Lesley Norton, Vijay Budhram, Shane Tomlinson > > *Questions and comments* > > Is it possible for a user to add more than one secondary email address to > Firefox Accounts? > > - The idea is that Monitor will fetch all of a user's email addresses > associated with FxA and give the user the option to monitor them all. Many > users have more than 1 primary and 1 secondary address, tracking all of > these in FxA would make setting up Monitor simpler. > - This is not available currently, though this is a front end > restriction, the backend is already set up for it. > - If a user adds an email address to Monitor that is unknown by FxA, > should that address be added to FxA? > > Is it possible to integrate Monitor into the FxA settings page? > > - Allow users to sign up to Monitor or view breaches from within the > settings page. > - This will need UX work, our settings page is already pretty panel > heavy. > > If a user verifies their address as part of the Monitor signup, can a > Firefox Account be created automatically as part of that process? > > - We can't automatically create an account because we need a password > for the user. FxA needs to be involved in that flow at some point. > - We might be able to skip email verification, but this alters the > trust boundary we currently have of how much we trust an email address. > - Ryan Kelly reminded me after the meeting we used to do this for > Firefox Marketplace, we had the notion of a "preVerifyToken" which was a > JWT from trusted sources that indicated the email address has already > been > verified. We removed all of that code because it was gross. > > Monitor will need some production OAuth creds. > > - The bug is at [1]. > - Going to be a trusted client, requesting the profile scope and a > refresh token. > > *Action items* > > - stomlinson to open a bug requesting production OAuth creds [1] > - stomlinson to open a bug about allowing multiple secondary email > addresses [2] > - stomlinson to talk to rfeeley and jgruen about the future of the > settings page (started with Ryan Feeley on Saturday) > > Is there anything that's missing from here? > > Shane > > [1] - https://bugzilla.mozilla.org/show_bug.cgi?id=1513060 > [2] - https://github.com/mozilla/fxa-content-server/issues/6748 >
_______________________________________________ Dev-fxacct mailing list Dev-fxacct@mozilla.org https://mail.mozilla.org/listinfo/dev-fxacct
