On Aug 19, 2013, at 3:50 PM, Ryan Kelly <[email protected]> wrote:
>
> Hi All,
>
> In support of moving fast on Milestone 1, I have stood up a simple dev
> deployment of a tokenserver-auth-enabled Sync1.1 server. Hopefully this
> will give us something concrete to develop and test against on the
> storage integration side of things.
>
> There are two servers, "auth" and "storage", available at:
>
>     http://auth.oldsync.dev.lcip.org/
>     http://db1.oldsync.dev.lcip.org/
>
> Technical details below for those who need them. Enjoy!
>
> Cheers,
>
> Ryan
>
> -------------------------------
>
> This setup comes in two pieces. For dev they are just two EC2
> instances; in production they'd be two separate clusters.
>
> First is the "auth server", available here:
>
>     http://auth.oldsync.dev.lcip.org/
>
> This is running the tokenserver code we built for sync2.0, and speaks
> the browserid auth dance documented here:
>
>     http://docs.services.mozilla.com/token/user-flow.html
>
> To authenticate, you produce a BrowserID assertion and send it to the
> following service-specific URL:
>
>     http://auth.oldsync.dev.lcip.org/1.0/sync/1.1
>
> In return you will get a set of temporary authentication credentials
> ("id" and "key") along with the URL of a particular storage server that
> you should use (the "endpoint_url").
>
> In production there would be multiple storage servers, with users
> sharded among them. For the dev deployment, the auth server will always
> direct you to:
>
>     http://db1.oldsync.dev.lcip.org/1.1/{userid}
>
> This storage server is running the sync1.1 storage code, with a special
> auth plugin that speaks Hawk auth, and a master token-signing secret
> that is shared with the auth server.
>
> Use the id and key you got from the tokenserver, and make Hawk
> authenticated requests following the existing Sync1.1 API:
>
>     https://docs.services.mozilla.com/storage/apis-1.1.html
>
> In theory, this should be all the server-side support you need to do
> BrowserID-authenticated syncing on top of Sync1.1.
>
> Good luck!

:-) This is *awesome* ryan.

lloyd

> Caveat: I did a quick python implementation of Hawk based on my
> previous work with MACAuth, and a cursory read of the quote-unquote
> "Hawk Spec". There may be incompatibilities; ping me and I'll squash
> them ASAP.
> _______________________________________________
> Sync-dev mailing list
> [email protected]
> https://mail.mozilla.org/listinfo/sync-dev
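
The Hawk step described in the quoted message, as an added example (not code from this thread or from the tokenserver project): a client signs a Sync1.1 request with the token's "id" and "key", and a server-side check recomputes the MAC, bounds clock skew and rejects replayed nonces. The token values, the userid `12345` and the `keys` dict used for key lookup are constructed assumptions; payload hash and `ext` are left empty.

```python
import base64, hashlib, hmac, re, secrets, time
from urllib.parse import urlsplit

def request_mac(key, ts, nonce, method, url):
    """Hawk v1 header MAC; payload hash and ext are left empty here."""
    u = urlsplit(url)
    port = u.port or (443 if u.scheme == "https" else 80)
    resource = u.path + ("?" + u.query if u.query else "")
    normalized = "\n".join(["hawk.1.header", str(ts), nonce, method.upper(),
                            resource, u.hostname.lower(), str(port), "", ""]) + "\n"
    digest = hmac.new(key.encode(), normalized.encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()

def hawk_header(token_id, key, method, url, ts=None, nonce=None):
    """Client side: build the Authorization header from the token's id and key."""
    ts = int(time.time()) if ts is None else ts
    nonce = nonce or secrets.token_urlsafe(6)
    mac = request_mac(key, ts, nonce, method, url)
    return f'Hawk id="{token_id}", ts="{ts}", nonce="{nonce}", mac="{mac}"'

def hawk_verify(header, keys, method, url, now=None, skew=60, seen=None):
    """Server side: True only for a fresh, unreplayed, correctly signed request."""
    scheme, _, params = header.partition(" ")
    f = dict(re.findall(r'(\w+)="([^"]*)"', params))
    if scheme != "Hawk" or not {"id", "ts", "nonce", "mac"} <= f.keys():
        return False
    key = keys.get(f["id"])  # assumption: dict stands in for the server's key lookup
    if key is None or not f["ts"].isdecimal():
        return False
    now = time.time() if now is None else now
    if abs(now - int(f["ts"])) > skew:  # bound the replay window
        return False
    expected = request_mac(key, f["ts"], f["nonce"], method, url)
    if not hmac.compare_digest(expected.encode(), f["mac"].encode()):
        return False
    if seen is not None:  # nonce cache: one use per (id, nonce) inside the window
        if (f["id"], f["nonce"]) in seen:
            return False
        seen.add((f["id"], f["nonce"]))
    return True

# Constructed sample values, not real credentials from the dev deployment.
TOKEN_ID, TOKEN_KEY = "example-token-id", "example-token-key"
URL = "http://db1.oldsync.dev.lcip.org/1.1/12345/info/collections"

if __name__ == "__main__":
    hdr = hawk_header(TOKEN_ID, TOKEN_KEY, "GET", URL)
    print(hdr)
    print(hawk_verify(hdr, {TOKEN_ID: TOKEN_KEY}, "GET", URL, seen=set()))
```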

