On 13/10/2015 09:08, Richard Newman wrote: > We certainly have the infrastructure to do this: we do something > like this on every device right now in order to recover the Android > Account across SD card manipulations. We would want special support > to do this across devices, and I'm not sure we want to. > > To go a step beyond Nick's point: it's not entirely clear what the user > expects here, which introduces the possibility of pain. > > If this is a /restored backup/ to the /same device/, maybe they should > stay signed in and keep their client name, client ID, and other metadata. > > If they're restoring the backup to a new device, and the old one is > gone, some things would need to be discarded (e.g., the client name > probably refers to the wrong hardware). > > If they're /cloning/, then we definitely have a lot of stuff to throw away. > > This all gets complicated and unpleasant, so I'd be inclined to just > carry forward their email address/FxA server combo, and make them sign > in again. We handle that pretty well.
I like the simplicity of falling back to the "needs re-authentication" state when we detect that something is not quite right. If we manage to get some sort of "device fingerprint hinting" as part of the FxA device-management API, that should give us enough power to make that happen: https://github.com/mozilla/fxa-auth-server/issues/1077 Cheers, Ryan _______________________________________________ mobile-firefox-dev mailing list [email protected] https://mail.mozilla.org/listinfo/mobile-firefox-dev
