I am writing to inform you about Treeherder’s new login flow. In the past,
logging in with Treeherder meant being redirected to the login.taskcluster.net
service. This had a couple of drawbacks, but one of the main annoyance was that
credentials expired every 3 days. You are probably already familiar with the
following error: "Your credentials are expired. They must expire every 3 days
(Bug 1328434). Log out and back in again to refresh your credentials."
The new login flow now uses Auth0 instead of login.taskcluster.net for SSO.
Some relevant information to note:
- When you login for the first time, you will get a prompt asking permission
for treeherder.mozilla.org to access “full-user-credentials”. It’s not
something to be worried about. This is simply a request to access your
taskcluster credentials. Bug 1437116 was created to change that to
- Treeherder session will stay alive as long as access to the site happens once
every 24 hours. 3 days session expiry is no longer in effect.
- If an email is associated with multiple login providers, then the most secure
login method should be used (LDAP > GitHub 2FA > GitHub > Google >
dev-platform mailing list