On 5/09/2016 05:33, Chris Tybur wrote:
> 
> On Thu, Sep 1, 2016 at 5:00 AM, <[email protected]
> <mailto:[email protected]>> wrote:
> 
>     I see what you mean - no, it doesn't let you get to the bookmark data in
>     a no-interaction-required manner, it requires you to get a verification
>     code out of your email in order to confirm the login.
> 
>     We're working on an additional feature that will help here, by
>     remembering devices that you've successfully logged-in from in the past,
>     and skipping the confirmation step on those devices.  But that's not
>     ready to ship yet.
> 
> I can change my app if needed but I still don't see how the new verify
> code API would allow me to get my decrypted Sync data.
> 
> For instance, I can include an input box on my web page which I can
> paste the email link into once I get the message. Then I can submit the
> code contained in it to recovery_email/verify_code, but what would I do
> then? That API doesn't seem to have a response body. Would I then do
> another POST to login? Or is there no way currently for a non-Firefox
> application to use this new authentication method?

The flow is:

1) Post credentials to /account/login.  You will get a sessionToken,
keyFetchToken, etc. just like you always have.  But you can't actually
use them yet because you first need to confirm the login.  If you try to
use them, you'll get a "104 Account unverified" error response.

2) Check your email for a verification code, and use it to call
/recovery_email/verify_code and confirm the login.  This marks your
sessionToken and keyFetchToken as verified so they can now be used properly.

3) Use the keyFetchToken and sessionToken from step (1) to access your
sync data in the same way you would have previously.


So in theory, steps (1) and (3) should be unchanged from whatever
working code you had previously.  Step (2) is a newly-inserted security
measure.

Does that help clarify?


  Cheers,

    Ryan

_______________________________________________
Sync-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/sync-dev
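
The three-step flow described in the reply above, as an added example that is not part of the original message or the project's code. It is a constructed in-memory model (`ToyAuthServer`, `fetch_keys`, `run_flow` and the placeholder key value are hypothetical names) showing that the tokens from login are rejected with errno 104 until the emailed code has been confirmed.

```python
import secrets

ERRNO_UNVERIFIED = 104  # "Account unverified", the error quoted in the reply

class AuthError(Exception):
    def __init__(self, errno, message):
        super().__init__(message)
        self.errno = errno

class ToyAuthServer:
    """Constructed model of the flow; not the real auth server."""
    def __init__(self, email, password):
        self._creds = (email, password)
        self._tokens = {}    # token -> verified flag
        self._pending = {}   # emailed code -> tokens it confirms
        self.outbox = []     # stands in for the user's mailbox

    def login(self, email, password):       # step 1: /account/login
        if (email, password) != self._creds:
            raise ValueError("bad credentials")
        session, key_fetch = secrets.token_hex(32), secrets.token_hex(32)
        code = secrets.token_hex(16)
        self._tokens[session] = self._tokens[key_fetch] = False
        self._pending[code] = (session, key_fetch)
        self.outbox.append(code)             # code goes out by email only
        return {"sessionToken": session, "keyFetchToken": key_fetch}

    def verify_code(self, code):             # step 2: /recovery_email/verify_code
        tokens = self._pending.pop(code, None)
        if tokens is None:
            raise ValueError("invalid verification code")
        for token in tokens:                 # marks both tokens as verified
            self._tokens[token] = True

    def fetch_keys(self, key_fetch_token):   # step 3 stand-in (hypothetical)
        if key_fetch_token not in self._tokens:
            raise ValueError("unknown token")
        if not self._tokens[key_fetch_token]:
            raise AuthError(ERRNO_UNVERIFIED, "Account unverified")
        return "sync-keys-placeholder"

def run_flow(server, email, password):
    """Return (errno seen before confirmation, result after confirmation)."""
    tokens = server.login(email, password)
    early = None
    try:
        server.fetch_keys(tokens["keyFetchToken"])
    except AuthError as exc:
        early = exc.errno                    # expected: tokens not yet usable
    server.verify_code(server.outbox.pop())  # user pastes code from the email
    return early, server.fetch_keys(tokens["keyFetchToken"])
```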
