I'm no expert in the details of authentication in Loop, and I'm not sure I fully understand the problem you're trying to solve here. But I'll try to offer a few pointers, ask a few questions, and see what we can figure out...

Adding Alexis and Remy who are much more familiar with the Loop server code.


On Mon, Feb 16, 2015 at 10:16 AM, Oleksandr Kyetov
<[email protected] <mailto:[email protected]>> wrote:
    I am working on the project which involves synchronization between
    Loop Server API and Firefox Account

    What I have:
    1. I have Firefox Account with valid credentials
    2. I able to use Loop Server API

    Here is drawing of what I need:
    
https://docs.google.com/drawings/d/1s6F0iKSWGLN8FTNsuMvB0ebNqbofIsGcuaLEi4BINCY/edit?usp=sharing

    Here is what I need in words:
    1. Log in to Firefox Account via Firefox

Do you want to login to the browser itself, or via some hosted web content?

You'll almost certainly want to talk to Firefox Accounts via our OAuth API:


https://developer.mozilla.org/en-US/Firefox_Accounts#Firefox_Accounts_OAuth_2.0_API


I see that the Loop server already has some endpoints for OAuth integration:


https://docs.services.mozilla.com/loop/apis.html#integration-with-firefox-accounts-using-oauth

But it looks like they're designed for access via the browser's builtin FxA OAuth classes, rather than from web content.

    2. Call POST /registration Loop Server endpoint using user from step
    1 (<<< Here is the biggest problem. How to call /registration
    endpoint using Firefox Account credentials?)
    3. Call POST /call-url Loop Server endpoint with hawk-session-token
    derived from response in 2 step
    4. Give generated call URL to the client
    5. Make sure Firefox Account user sees generated URL in the Firefox
    (<<< another problem here. How to notify Firefox Account about call
    URL generated)

    So, it should look like:
    1. Client click a button
    2. Server generates a call URL on server side using support user
    Firefox Account credentials
    3. Server passes call URL back to client
    4. Server notifies support user Firefox Account about client
    generated call URL

Apologies, I don't think I have enough context on the product here to understand the above flow.

In the diagram you linked, what is "Application" and where/how is it running? Is it web content? Or something built into firefox?

    I have read a load of documentation, including:
    https://wiki.mozilla.org/Identity/Firefox_Accounts
    https://docs.services.mozilla.com/loop/apis.html#post-call-url
    https://github.com/mozilla-services/loop-server
    and did not find solution for that :(

    According to Loop Server API, it is possible to register with
    Firefox Account. For that I need to have Firefox Account assertions,
    but I can't get those either

This is something of a legacy setup, since we had to ship Loop before the FxA OAuth infrastructure was ready. We are deliberately discouraging the use of "assertions" for new products and encouraging integration via the OAuth flow.

            POST /registration
            
<https://docs.services.mozilla.com/loop/apis.html#id17><https://docs.services.mozilla.com/loop/apis.html#post-registration>

        Associates a Simple Push Endpoint (URL) with a user. Always
        return an hawk session token in the Hawk-Session-Token header.

Alexis or Remy, is there an equivalent endpoint that can be accessed with an OAuth token rather than a raw FxA assertion?


  Cheers,

    Ryan
_______________________________________________
dev-media mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-media

Reply via email to