Re: Treeherder New Login Flow
The switch from `full-user-credentials` to `taskcluster-credentials` has now occurred, meaning users will see a one-off Auth0 scopes prompt for the new permissions next time they log into Treeherder. The cause of the frequent log-outs is also believed to be fixed - please comment on bug 1437824 if experiencing otherwise. (Sessions will be maintained as long as the site has been visited once every 24 hours; bug 1439858 is filed for seeing if that can be raised to extend over weekends etc) Best wishes, Ed On Friday, 9 February 2018 17:30:26 UTC, ha...@mozilla.com wrote: > Hi, > > I am writing to inform you about Treeherder’s new login flow. In the past, > logging in with Treeherder meant being redirected to the > login.taskcluster.net service. This had a couple of drawbacks, but one of the > main annoyance was that credentials expired every 3 days. You are probably > already familiar with the following error: "Your credentials are expired. > They must expire every 3 days (Bug 1328434). Log out and back in again to > refresh your credentials." > > The new login flow now uses Auth0 instead of login.taskcluster.net for SSO. > Some relevant information to note: > > - When you login for the first time, you will get a prompt asking permission > for treeherder.mozilla.org to access “full-user-credentials”. It’s not > something to be worried about. This is simply a request to access your > taskcluster credentials. Bug 1437116 was created to change that to > "taskcluster-credentials”. > > - Treeherder session will stay alive as long as access to the site happens > once every 24 hours. 3 days session expiry is no longer in effect. > > - If an email is associated with multiple login providers, then the most > secure login method should be used (LDAP > GitHub 2FA > GitHub > Google > > Passwordless). > > Thanks, > Hassan ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
Re: Treeherder New Login Flow
For both this and Phil's issue, I've filed: https://bugzilla.mozilla.org/show_bug.cgi?id=1437824 ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
Re: Treeherder New Login Flow
On 2/9/18 12:30 PM, ha...@mozilla.com wrote: - Treeherder session will stay alive as long as access to the site happens once every 24 hours. 3 days session expiry is no longer in effect. This seems to not be working at all. I just carefully recorded the last time I logged in to treeherder: 8:39pm, on Feb 12, 2018, US/Eastern time. It is now 9:27pm on the same day. I just loaded treeherder. It's showing me logged out. The login didn't even last for 1 hour. Login was done via LDAP. -Boris ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
Re: Treeherder New Login Flow
On 2/9/18 9:30 AM, ha...@mozilla.com wrote: > - Treeherder session will stay alive as long as access to the site > happens once every 24 hours. 3 days session expiry is no longer in > effect. This doesn't seem to be the case: I'm logged in when I go to bed, and 7 hours later when I get up I'm logged out; I'm logged in when I leave for work, and 4.5 hours later when I get home on my lunch hour I'm logged out. ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
Treeherder New Login Flow
Hi, I am writing to inform you about Treeherder’s new login flow. In the past, logging in with Treeherder meant being redirected to the login.taskcluster.net service. This had a couple of drawbacks, but one of the main annoyance was that credentials expired every 3 days. You are probably already familiar with the following error: "Your credentials are expired. They must expire every 3 days (Bug 1328434). Log out and back in again to refresh your credentials." The new login flow now uses Auth0 instead of login.taskcluster.net for SSO. Some relevant information to note: - When you login for the first time, you will get a prompt asking permission for treeherder.mozilla.org to access “full-user-credentials”. It’s not something to be worried about. This is simply a request to access your taskcluster credentials. Bug 1437116 was created to change that to "taskcluster-credentials”. - Treeherder session will stay alive as long as access to the site happens once every 24 hours. 3 days session expiry is no longer in effect. - If an email is associated with multiple login providers, then the most secure login method should be used (LDAP > GitHub 2FA > GitHub > Google > Passwordless). Thanks, Hassan ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
