Gabriel: Thanks for the suggestion. I was hoping to avoid having to incorporate an entirely new way of doing the authentication, if possible.
I should also mention that what I had working before April was to POST to account/login, then I'd receive an email with a link asking to verify my identity. I'd manually copy that link from the message into a page in my app, then that page would POST to recovery_email/verify_code with the code in the link, along with a token obtained earlier. And all was well. I just need to know what is different about that process.

Chris

On Sun, Jun 25, 2017 at 5:00 AM, <[email protected]> wrote:

> Today's Topics:
>
>    1. Change to FxA login API for other clients (Chris Tybur)
>    2. Re: Change to FxA login API for other clients (Gabriel Ivașcu)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 24 Jun 2017 18:35:32 -0700
> From: Chris Tybur <[email protected]>
> To: [email protected]
> Subject: Change to FxA login API for other clients
> Message-ID: <CAFBRNHdhCea4Go7LJB9ZzorLpuNfrOyQ_ka6MV4AyTy+LszURg@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> I have a web app that uses the Firefox Account login API to authenticate my
> account, obtain Sync storage encryption keys, then pull down my sync'ed
> bookmarks. Around April the login stopped working and started returning
> "The request was blocked for security reasons". I see at
> https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#post-accountlogin
> that the login API seems to have some new query params and payload data.
>
> Is this new data and the process documented somewhere? I'd like to be able
> to adjust my code to call the API correctly.
>
> Chris
>
> ------------------------------
>
> Message: 2
> Date: Sun, 25 Jun 2017 11:33:54 +0300
> From: Gabriel Ivașcu <[email protected]>
> To: Chris Tybur <[email protected]>
> Cc: sync-dev-owner list <[email protected]>
> Subject: Re: Change to FxA login API for other clients
> Message-ID: <CAMFzgngdMmrWvweW1nW8gSSoUTg_F1=sqbpSJap2R1+2_oQn1g@mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> On Sun, Jun 25, 2017 at 4:35 AM, Chris Tybur <[email protected]> wrote:
> > I have a web app that uses the Firefox Account login API to authenticate my
> > account, obtain Sync storage encryption keys, then pull down my sync'ed
> > bookmarks. Around April the login stopped working and started returning "The
> > request was blocked for security reasons". I see at
> > https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#post-accountlogin
> > that the login API seems to have some new query params and payload data.
> >
> > Is this new data and the process documented somewhere? I'd like to be able
> > to adjust my code to call the API correctly.
>
> Hi Chris,
>
> I'm not a Mozilla developer, so I don't have an answer to your
> question, but I can suggest you an alternative.
>
> If your app allows, you might want to consider using the WebChannel
> flow [0] to login and retrieve your sync tokens. You'll need to:
>
> 1. Register a listener to WebChannelMessageToChrome events in your web
> page.
>
> 2. Load the Firefox iframe with a particular context (e.g.
> https://accounts.firefox.com/signin?service=sync&context=fx_desktop_v3).
>
> 3. Receive the "fxaccounts:loaded" command when the iframe is loaded.
>
> 4. Enter your Firefox username and password and click 'Sign In'.
>
> 5. Receive the "fxaccounts:can_link_account" command. Respond with a
> WebChannelMessageToContent event with the 'data' field set to {ok:
> true}.
>
> 6. Receive the "fxaccounts:login" command. Parse the 'data' field and
> extract the sync tokens.
>
> 7. Proceed to obtain the Sync Key, the crypto key bundles, etc.
>
> More details of how these work can be found in the link I provided. To
> see an example of how to send WebChannelMessageToContent events, check
> [1].
>
> [0] https://github.com/mozilla/fxa-content-server/blob/master/docs/relier-communication-protocols/fx-webchannel.md
> [1] https://github.com/mozilla/fxa-content-server/blob/master/tests/functional/lib/helpers.js#L811-L830
>
> Cheers,
> Gabriel
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> Sync-dev mailing list
> [email protected]
> https://mail.mozilla.org/listinfo/sync-dev
>
> ------------------------------
>
> End of Sync-dev Digest, Vol 47, Issue 10
> ****************************************

--
Just contemplate
Just think it through
Just close your eyes...
- The Ocean Blue, *Fast Forward Reverse*
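The WebChannel steps listed in the quoted reply, sketched as a small message handler. This is an added example, not code from the thread or from Mozilla. The envelope shape (`id`, `message.command`, `message.data`, `message.messageId`), the channel id and the token field names are assumptions to check against the fx-webchannel document linked as [0].

```javascript
// Assumed names (not confirmed by the thread): channel id and token fields.
const CHANNEL_ID = 'account_updates';
const REQUIRED_TOKENS = ['uid', 'sessionToken', 'keyFetchToken', 'unwrapBKey'];

// sendToContent(envelope) is a caller-supplied function that delivers a
// WebChannelMessageToContent event to the embedded sign-in page.
function createFlow(sendToContent) {
  const state = { loaded: false, linkConfirmed: false, tokens: null };

  function handle(detail) {
    // Accept the event detail either as an object or as a JSON string.
    let envelope;
    try {
      envelope = typeof detail === 'string' ? JSON.parse(detail) : detail;
    } catch {
      return 'ignored: malformed detail';
    }
    if (!envelope || envelope.id !== CHANNEL_ID || !envelope.message) {
      return 'ignored: wrong channel';
    }
    const { command, data, messageId } = envelope.message;
    switch (command) {
      case 'fxaccounts:loaded':                       // step 3
        state.loaded = true;
        return 'loaded';
      case 'fxaccounts:can_link_account':             // step 5
        if (!state.loaded) return 'rejected: out of order';
        sendToContent({ id: CHANNEL_ID,
                        message: { command, messageId, data: { ok: true } } });
        state.linkConfirmed = true;
        return 'link confirmed';
      case 'fxaccounts:login': {                      // step 6
        if (!state.linkConfirmed) return 'rejected: out of order';
        const d = data || {};
        const missing = REQUIRED_TOKENS.filter(
          (k) => typeof d[k] !== 'string' || d[k] === '');
        if (missing.length) return 'rejected: missing ' + missing.join(',');
        // Copy only the expected fields; keep them out of logs and URLs.
        state.tokens = Object.fromEntries(REQUIRED_TOKENS.map((k) => [k, d[k]]));
        return 'tokens received';
      }
      default:
        return 'ignored: unknown command';
    }
  }
  return { handle, state };
}

// Wiring (steps 1 and 5), for a host that can observe the embedded page's events.
function attach(target) {
  const flow = createFlow((msg) => target.dispatchEvent(
    new CustomEvent('WebChannelMessageToContent', { detail: msg })));
  target.addEventListener('WebChannelMessageToChrome', (e) => flow.handle(e.detail));
  return flow;
}
```

Rejecting out-of-order commands and incomplete `fxaccounts:login` payloads keeps the later key-fetch step from running on partial session material.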

