On Sun, Jun 25, 2017 at 4:35 AM, Chris Tybur <[email protected]> wrote:
> I have a web app that uses the Firefox Account login API to authenticate my
> account, obtain Sync storage encryption keys, then pull down my sync'ed
> bookmarks. Around April the login stopped working and started returning "The
> request was blocked for security reasons". I see at
> https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#post-accountlogin
> that the login API seems to have some new query params and payload data.
>
> Is this new data and the process documented somewhere? I'd like to be able
> to adjust my code to call the API correctly.

Hi Chris,

I'm not a Mozilla developer, so I don't have an answer to your
question, but I can suggest an alternative.

If your app allows, you might want to consider using the WebChannel
flow [0] to log in and retrieve your sync tokens. You'll need to:

1. Register a listener to WebChannelMessageToChrome events in your web page.

2. Load the Firefox iframe with a particular context (e.g.
https://accounts.firefox.com/signin?service=sync&context=fx_desktop_v3).

3. Receive the "fxaccounts:loaded" command when the iframe is loaded.

4. Enter your Firefox username and password and click 'Sign In'.

5. Receive the "fxaccounts:can_link_account" command. Respond with a
WebChannelMessageToContent event with the 'data' field set to {ok:
true}.

6. Receive the "fxaccounts:login" command. Parse the 'data' field and
extract the sync tokens.

7. Proceed to obtain the Sync Key, the crypto key bundles, etc.

More details of how these work can be found in the link I provided. To
see an example of how to send WebChannelMessageToContent events, check
[1].

[0] https://github.com/mozilla/fxa-content-server/blob/master/docs/relier-communication-protocols/fx-webchannel.md
[1] https://github.com/mozilla/fxa-content-server/blob/master/tests/functional/lib/helpers.js#L811-L830

Cheers,
Gabriel
_______________________________________________
Sync-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/sync-dev
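
Steps 1, 3, 5 and 6 of the flow described in the reply above, written as a small handler. This is an added example, not part of the original email and not Mozilla's code. The channel id `account_updates`, the `{id, message: {command, messageId, data}}` envelope and the login field names are assumptions based on the protocol document linked as [0]; `createWebChannelHandler` is a hypothetical name.

```javascript
// Added example. Envelope shape, channel id and field names are assumptions.
const CHANNEL_ID = 'account_updates';
const ORDER = ['fxaccounts:loaded', 'fxaccounts:can_link_account', 'fxaccounts:login'];

function createWebChannelHandler(channelId = CHANNEL_ID) {
  let step = 0;      // index into ORDER of the next expected command
  let tokens = null; // filled in once fxaccounts:login arrives

  // Takes the `detail` of a WebChannelMessageToChrome event and returns the
  // `detail` for a WebChannelMessageToContent reply, or null if none is due.
  function handle(detail) {
    const d = typeof detail === 'string' ? JSON.parse(detail) : detail;
    if (!d || d.id !== channelId || !d.message) return null; // not our channel
    const { command, messageId, data } = d.message;
    const idx = ORDER.indexOf(command);
    if (idx === -1) return null; // command this flow does not handle
    if (idx !== step) {
      // Refuse a login that skipped the loaded/can_link_account steps.
      throw new Error(`out-of-order command: ${command}`);
    }
    step += 1;
    if (command === 'fxaccounts:can_link_account') {
      return { id: channelId, message: { command, messageId, data: { ok: true } } };
    }
    if (command === 'fxaccounts:login') {
      const { email, uid, sessionToken, keyFetchToken, unwrapBKey } = data || {};
      if (!sessionToken || !keyFetchToken || !unwrapBKey) {
        throw new Error('login data is missing tokens');
      }
      tokens = { email, uid, sessionToken, keyFetchToken, unwrapBKey };
    }
    return null;
  }
  return { handle, getTokens: () => tokens };
}

// Browser wiring (step 1); skipped when no window object exists.
if (typeof window !== 'undefined') {
  const handler = createWebChannelHandler();
  window.addEventListener('WebChannelMessageToChrome', (e) => {
    const reply = handler.handle(e.detail);
    if (reply) {
      window.dispatchEvent(new CustomEvent('WebChannelMessageToContent', { detail: reply }));
    }
  });
}
```

The returned tokens are account credentials, so keep them in memory only and out of logs and persistent storage.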
