+Sandy

Alex Davis // Vancouver
Product Manager // Application Services
514-582-2539
IRC & Slack: adavis

________________________________
From: Dev-fxacct <dev-fxacct-boun...@mozilla.org> on behalf of Luke Crouch 
<lcro...@mozilla.com>
Sent: Sunday, December 16, 2018 04:17
To: Shane Tomlinson
Cc: John Gruen; dev-fxacct; Ryan Feeley; Lesley Norton
Subject: Re: Meeting notes: Monitor/FxA integration from Orlando

Thanks for the summary, Shane. That captures the meeting discussion and actions 
really well.

Since the meeting, I think Eric Pang and Lesley Norton are both starting to get 
involved with the project to make Design and UI consistent across a number of 
our services, including Monitor. So they might be interested in the future of 
the FxA settings page too?

I expect we'll move on some items quickly (FxA oauth prod creds) and others 
will need more discussion and design (multiple emails). But I'm a big fan of 
integrating more services with FxA to make a Firefox Account as valuable to all 
internet users as other major account providers online.

-L

On Wed, Dec 12, 2018 at 8:23 AM Shane Tomlinson 
<stomlin...@mozilla.com> wrote:
We were too busy munching on breakfast and I didn't write down notes of our 
meeting. Here's a recap of what hasn't slipped out of my dome.

Background
Firefox Monitor is a service that allows users to see if their email address 
has been involved in a data breach. Monitor can email breach alerts whenever 
the user's address is involved in a new breach; doing so requires the user to 
verify their email address using a flow that is very similar to what FxA does. 
To remove the redundancy, Monitor is integrating with FxA (integrate, 
integrate, integrate!). This was a chat about deepening that integration.

WHO: Luke Crouch, Lesley Norton, Vijay Budhram, Shane Tomlinson

Questions and comments

Is it possible for a user to add more than one secondary email address to 
Firefox Accounts?

  *   The idea is that Monitor will fetch all of a user's email addresses 
associated with FxA and give the user the option to monitor them all. Many 
users have more than 1 primary and 1 secondary address; tracking all of these 
in FxA would make setting up Monitor simpler.
  *   This is not available currently, though this is a front-end restriction; 
the backend is already set up for it.
  *   If a user adds an email address to Monitor that is unknown by FxA, should 
that address be added to FxA?

Is it possible to integrate Monitor into the FxA settings page?

  *   Allow users to sign up to Monitor or view breaches from within the 
settings page.
  *   This will need UX work; our settings page is already pretty panel heavy.

If a user verifies their address as part of the Monitor signup, can a Firefox 
Account be created automatically as part of that process?

  *   We can't automatically create an account because we need a password for 
the user. FxA needs to be involved in that flow at some point.
  *   We might be able to skip email verification, but this alters the trust 
boundary we currently have of how much we trust an email address.
     *   Ryan Kelly reminded me after the meeting we used to do this for 
Firefox Marketplace, we had the notion of a "preVerifyToken" which was a JWT 
from trusted sources that indicated the email address has already been 
verified. We removed all of that code because it was gross.

Monitor will need some production OAuth creds.

  *   The bug is at [1].
  *   Going to be a trusted client, requesting the profile scope and a refresh 
token.

Action items

  *   stomlinson to open a bug requesting production OAuth creds [1]
  *   stomlinson to open a bug about allowing multiple secondary email 
addresses [2]
  *   stomlinson to talk to rfeeley and jgruen about the future of the settings 
page (started with Ryan Feeley on Saturday)

Is there anything that's missing from here?

Shane

[1] - https://bugzilla.mozilla.org/show_bug.cgi?id=1513060
[2] - https://github.com/mozilla/fxa-content-server/issues/6748
_______________________________________________
Dev-fxacct mailing list
Dev-fxacct@mozilla.org
https://mail.mozilla.org/listinfo/dev-fxacct
