Thanks Remy, this phrase "Note that you cannot use the same Hawk-Session-Token for both FxA server and loop-server" answers a lot of my questions. But according to Loop Server documentation https://docs.services.mozilla.com/loop/apis.html#post-registration
*May require authentication* You don’t *need* to be authenticated to register. In case you don’t register with a Firefox Accounts assertion or a valid hawk session, you’ll be given an hawk session token and be connected as an anonymous user. This hawk session token should be derived by the client and used for subsequent requests. You can currently authenticate by sending a valid Firefox Accounts assertion or a valid Hawk session. Just give me please any hint on how can I authenticate to the Loop Server with existing Firefox Account from NodeJS without usage of Firefox Browser? Yes, I have read this https://blog.mozilla.org/services/2015/02/05/whats-hawk-and-how-to-use-it/ and a lot of different topics about hawk, fxa-*server, etc, but none of them helped me to get what I am trying to do Yes, hawk-session-token derived from key 292e2d34c191b4c1771e9e0b809cbc 966f7d5fb79713d49da33a5fd69939bfef material is correct, here is full derivation function response: { algorithm: 'sha256', id: 'aac4bcd41ac8716f415ff97626eab2a258b254bef34da9347f83f58638c30d50', key: [ 1949323351, -58130331, 474784072, 339128219, 1362991817, 1147320820, -246940133, 96701117 ], bundleKey: [] } Best regards, Alex K. On Wed, Apr 15, 2015 at 2:57 PM, Rémy Hubscher <[email protected]> wrote: > Note that you cannot use the same Hawk-Session-Token for both FxA server > and loop-server. > > To obtain the loop hawk-session-token you need to call the loop > registration endpoint. > > $ http POST https://loop.stage.mozaws.net/v0/registration > HTTP/1.1 200 OK > Access-Control-Expose-Headers: Hawk-Session-Token > Connection: keep-alive > Content-Type: application/json > Date: Wed, 15 Apr 2015 11:53:44 GMT > Hawk-Session-Token: > 292e2d34c191b4c1771e9e0b809cbc966f7d5fb79713d49da33a5fd69939bfef > Timestamp: 1429098824 > Transfer-Encoding: chunked > Vary: Origin > > > There you've got the Hawk-Session-Token for the loop server. > > Then you can use it: > > $ http GET https://loop.stage.mozaws.net/v0/rooms --auth-type hawk --auth > 292e2d34c191b4c1771e9e0b809cbc966f7d5fb79713d49da33a5fd69939bfef: -v > GET /v0/rooms HTTP/1.1 > Accept: */* > Accept-Encoding: gzip, deflate > Authorization: Hawk mac="/1lHuWiNlWQGSC3ORwlMb1N8uF/YYW7QS3q+1lQpjE0=", > hash="B0weSUXsMcb5UhL41FZbrUJCAotzSI3HawE1NPLRUz8=", > id="aac4bcd41ac8716f415ff97626eab2a258b254bef34da9347f83f58638c30d50", > ts="1429098887", nonce="V4W6F5" > Connection: keep-alive > Host: loop.stage.mozaws.net > User-Agent: HTTPie/0.8.0 > > > > HTTP/1.1 200 OK > Connection: keep-alive > Content-Length: 2 > Content-Type: application/json; charset=utf-8 > Date: Wed, 15 Apr 2015 11:54:47 GMT > ETag: W/"2-d4cbb29" > Server-Authorization: Hawk > mac="Zke17nF5wHqY6mSUMVFhQ6a2eP5ckCdJkN2MOVsD05Q=" > Timestamp: 1429098887 > Vary: Origin > > [] > > Can you confirm that when you derive the > 292e2d34c191b4c1771e9e0b809cbc966f7d5fb79713d49da33a5fd69939bfef > hawk-session-token you've got the > id="aac4bcd41ac8716f415ff97626eab2a258b254bef34da9347f83f58638c30d50" ? > > Have you seen this blog post? > https://blog.mozilla.org/services/2015/02/05/whats-hawk-and-how-to-use-it/ > > > > Le 15/04/2015 13:49, Oleksandr Kyetov a écrit : > > Thank you for reply Remy, > > Yes, I played a lot with hawk: > - hawk library (https://www.npmjs.com/package/hawk) > - also with function which is used by Firefox Accounts ( > https://github.com/mozilla/fxa-content-server/blob/master/app/scripts/lib/hkdf.js > ) > > In both cases derived Hawk-Session-Token is good for calling > fxa-auth-server endpoints (e.g. > https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#get-v1sessionstatus > ) > But when I call Loop Server endpoints (e.g. > https://docs.services.mozilla.com/loop/apis.html#post-call-url) with same > Hawk-Session-Token, I get Unauthorized error > > The main thing I am concern about right now > > - is it even possible to call >> https://docs.services.mozilla.com/loop/apis.html#post-call-url with hawk >> credentials derived from session token recieved from >> https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#post-v1accountlogin >> ? >> > I feel that I reached a dead end, so if you can confirm that question > above is possible and doable, I will be investigating further > > If you can provide some relevant example of doing that - it would make > my life much easier > > Thank you in advance, > Alex K. > > On Wed, Apr 15, 2015 at 2:24 PM, Rémy Hubscher <[email protected]> > wrote: > >> Hi Alex, >> >> Did you had a look at >> https://www.npmjs.com/package/express-hawkauth#how-are-the-shared-credentials-shared >> ? >> >> It is the way to derive the Hawk-Session-Token as hawk credentials. >> >> Also you can use the hawk module to build your Hawk headers. >> https://www.npmjs.com/package/hawk >> >> Regards, >> >> Rémy >> >> >> Le 15/04/2015 13:08, Oleksandr Kyetov a écrit : >> >> Hi, Firefox Team, >> >> I hate being annoying, any information on the e-mail below will be >> really helpful, as I tried everything what I could come up with >> >> Thank you in advance, >> Alex K. >> >> On Wed, Apr 8, 2015 at 10:15 PM, Oleksandr Kyetov < >> [email protected]> wrote: >> >>> Guys, thatns you for response, >>> >>> It really helped me a lot, and I let myself play a little with: >>> https://github.com/mozilla/fxa-oauth-server >>> https://github.com/mozilla/fxa-auth-server >>> >>> But, unfortunately it is not quite what I need >>> >>> My context is next: >>> 1) There is no client UI at all >>> 2) I have Firefox Account credentials stored in the backend >>> 3) Backend written via NodeJS >>> >>> The flow is next: >>> 1) Something call backend server; >>> 2) fxa-auth-server endpoint >>> https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#post-v1accountlogin >>> called, >>> which returns session token >>> 3) Hawk credentials is derived from session token received in step 2) >>> >>> What I can do using Hawk credentials from step 3): >>> 4a) Call >>> https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#get-v1sessionstatus >>> to >>> get session status >>> 5b) Call >>> https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#post-v1sessiondestroy >>> to >>> destroy session >>> >>> What I want be able to do using Hawk credentials from step 3) >>> 4b) Call https://docs.services.mozilla.com/loop/apis.html#post-call-url to >>> get call url >>> But the only thing I receive from Loop Server: >>> { >>> "code": 401, >>> "errno": 110, >>> "error": { >>> "statusCode": 401, >>> "error": "Unauthorized", >>> "message": "Unknown credentials" >>> } >>> } >>> >>> So I here are more concrete questions: >>> - is it even possible to call >>> https://docs.services.mozilla.com/loop/apis.html#post-call-url with >>> hawk credentials derived from session token recieved from >>> https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#post-v1accountlogin >>> ? >>> - if it is possible - what I am doing wrong? >>> - if it is not possible - what are other ways? (except FxA OAuth) >>> >>> P.S. I create test application to give an idea what I am doing: >>> https://github.com/oleksandrkyetov/test-app-server >>> >>> Thanks in advance, >>> Alex K. >>> >> >> >> > > _______________________________________________ dev-media mailing list [email protected] https://lists.mozilla.org/listinfo/dev-media
