Gabriel:

Thanks for the suggestion. I'd like to avoid having to incorporate an entirely new way of doing the authentication, if I can help it.

I should also mention that what I had working before April was to POST to account/login, then I'd get an email with a link asking to verify my identity. I'd manually copy that link from the message into a page in my app, then that page would POST to recovery_email/verify_code with the code in the link, along with a token obtained earlier. And all was well. I just need to know what is different about that process.

Chris

On Sun, Jun 25, 2017 at 1:33 AM, Gabriel Ivașcu <[email protected]> wrote:
> On Sun, Jun 25, 2017 at 4:35 AM, Chris Tybur <[email protected]> wrote:
> > I have a web app that uses the Firefox Account login API to authenticate my
> > account, obtain Sync storage encryption keys, then pull down my sync'ed
> > bookmarks. Around April the login stopped working and started returning "The
> > request was blocked for security reasons". I see at
> > https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#post-accountlogin
> > that the login API seems to have some new query params and payload data.
> >
> > Is this new data and the process documented somewhere? I'd like to be able
> > to adjust my code to call the API correctly.
>
> Hi Chris,
>
> I'm not a Mozilla developer, so I don't have an answer to your
> question, but I can suggest you an alternative.
>
> If your app allows, you might want to consider using the WebChannel
> flow [0] to login and retrieve your sync tokens. You'll need to:
>
> 1. Register a listener to WebChannelMessageToChrome events in your web
> page.
>
> 2. Load the Firefox iframe with a particular context (e.g.
> https://accounts.firefox.com/signin?service=sync&context=fx_desktop_v3).
>
> 3. Receive the "fxaccounts:loaded" command when the iframe is loaded.
>
> 4. Enter your Firefox username and password and click 'Sign In'.
>
> 5. Receive the "fxaccounts:can_link_account" command. Respond with a
> WebChannelMessageToContent event with the 'data' field set to {ok:
> true}.
>
> 6. Receive the "fxaccounts:login" command. Parse the 'data' field and
> extract the sync tokens.
>
> 7. Proceed to obtain the Sync Key, the crypto key bundles, etc.
>
> More details of how these work can be found in the link I provided. To
> see an example of how to send WebChannelMessageToContent events, check
> [1].
>
> [0] https://github.com/mozilla/fxa-content-server/blob/master/docs/relier-communication-protocols/fx-webchannel.md
> [1] https://github.com/mozilla/fxa-content-server/blob/master/tests/functional/lib/helpers.js#L811-L830
>
> Cheers,
> Gabriel

--
Just contemplate
Just think it through
Just close your eyes...
- The Ocean Blue, *Fast Forward Reverse*
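The command sequence in steps 3, 5 and 6 of the quoted reply, as an added example that is not part of the original thread and is not Mozilla's code: a handler that accepts the three commands only in the listed order, answers `fxaccounts:can_link_account` with `{ok: true}`, and keeps the login payload only if it is well formed. The envelope shape, the channel id `account_updates`, the `messageId` echo and the login field names are assumptions not stated in the thread.

```javascript
// Added example, not code from the thread or from Mozilla.
// ASSUMPTIONS (not stated in the thread): the envelope shape
// {id, message: {command, data, messageId}}, the channel id "account_updates",
// echoing messageId in the reply, and the field names in LOGIN_FIELDS.
const CHANNEL_ID = "account_updates";
const ORDER = ["fxaccounts:loaded", "fxaccounts:can_link_account", "fxaccounts:login"];
const LOGIN_FIELDS = ["uid", "sessionToken", "keyFetchToken", "unwrapBKey"];

function createFlow() {
  let step = 0;      // index into ORDER of the next expected command
  let tokens = null; // set only after a well-formed fxaccounts:login

  // Takes the detail of one WebChannelMessageToChrome event. Returns the detail
  // for a WebChannelMessageToContent reply, or null when no reply is due.
  function handle(detail) {
    const env = typeof detail === "string" ? JSON.parse(detail) : detail;
    if (!env || env.id !== CHANNEL_ID || !env.message || typeof env.message !== "object") {
      throw new Error("message is not on the expected channel");
    }
    const { command, data, messageId } = env.message;
    if (!ORDER.includes(command)) return null; // commands outside this flow are ignored
    if (command !== ORDER[step]) throw new Error(`out-of-order command: ${command}`);

    let reply = null;
    if (command === "fxaccounts:can_link_account") {
      reply = { id: CHANNEL_ID, message: { command, messageId, data: { ok: true } } };
    }
    if (command === "fxaccounts:login") {
      const picked = {};
      for (const field of LOGIN_FIELDS) {
        if (!data || typeof data[field] !== "string" || data[field] === "") {
          throw new Error(`login payload is missing ${field}`);
        }
        picked[field] = data[field]; // copy only the expected fields
      }
      tokens = picked; // keep in memory only; never log these values
    }
    step += 1;
    return reply;
  }

  return { handle, getTokens: () => tokens, isComplete: () => tokens !== null };
}
```

Call `handle()` from the WebChannelMessageToChrome listener registered in step 1 and, when it returns an object, send that object as the detail of a WebChannelMessageToContent event.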

