Hi Albert, On Tue, 9 Feb 2021 at 07:36, Albert Sukaev <[email protected]> wrote:
> I'm studying the auth/sync flow As an aside, I'm curious to hear more about what you're working on that relates the accessing data in Firefox Sync, if you'd be willing to share. > and I have a problem with getting > correct x-keyid value to make a GET request to > https://token.services.mozilla.com/1.0/sync/1.5. > During the authentication flow via api.accounts.firefox.com I got kB, > keyRotationSecret(b'0x00'*32), keyRotationTimestamp, > identifier(b"https://identity.mozilla.com/apps/oldsync";) and user uid > (from https://api.accounts.firefox.com/v1/account/login?keys=true). > Then I'm trying to get the kid: > tmp = derive_key(kB + keyRotationSecret, > b"identity.mozilla.com/picl/v1/scoped_key\n > <http://identity.mozilla.com/picl/v1/scoped_key%5Cn>" + identifier, 48, > unhexlify(uid)) > kid = str(keyRotationTimestamp) + '-' + > base64.urlsafe_b64encode(tmp[:16]).decode('utf-8').rstrip("=") > For legacy backwards-compatibility reasons, the key-derivation for sync is different than the derivation for general FxA scoped keys. The simplest way to explain the differences is probably to link to the code we have here, which does the derivation: https://github.com/mozilla/fxa-crypto-relier/blob/168f4a6c47de9021a0d9ae23a3e6757013a38dbd/src/deriver/ScopedKeys.js#L107 Hopefully this helps, but please do reply here if you have further questions and I'll do my best to get them answered. Cheers, Ryan
_______________________________________________ Sync-dev mailing list [email protected] https://mail.mozilla.org/listinfo/sync-dev
