On Tue, 16 Feb 2021 at 06:55, Albert Sukaev <[email protected]> wrote:
>
> P.S. I didn’t understand if I should reply both you and sync-dev or only
> you and I firstly sent a message only to you(I think you haven’t received
> it and that’s why I’m duplicating the message here)
>
Hi Albert, sorry for the delay replying here, I did receive your other
emails but I just haven't had a chance to respond.
I did actually respond to them just now via private reply without really
thinking about it, but I'll take the opportunity to repeat the responses on
the mailing list here, because they will wind up in a searchable archive
which might help some other folks in future. Thanks for the reminder to
consider the public list :-)
> And I have some new questions:
>
> 1)If I'm not mistaken the POST request to /account/device is not
>
> necessary for the sync operation.
>
Correct.
> But in the Fiddler I saw that some
>
> crypto values are included in this request. Can you also explain me
>
> how the next values are generated: pushpublickey, pushauthkey,
>
> pushcallback and kid, IV, hmac, ciphertext values from the
>
> "availableCommands":{"https://identity.mozilla.com/cmd/open-uri
> ":"{\"kid\":\"\",\"IV\":\"...\",\"hmac\":\"...\",\"ciphertext\":\"...\"}"}}
>
> )? I can’t find where they are generated in the source code.
>
These are to do with the "send-tab" feature, which is separate from the
rest of Firefox Sync. There's a bit of documentation available here:
https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/docs/device_registration.md
But for the details of how the values are generated your best be is
probably looking in the source-code for send-tab, which on Desktop starts
here:
https://searchfox.org/mozilla-central/rev/b32d4ca055ca9cf717be480df640f8970724a0ce/services/fxaccounts/FxAccountsCommands.js
> 2) In the article
> https://mozilla-services.readthedocs.io/en/latest/sync/storageformat5.html
>
> I see that for the encryption of sync data only the value of kB is
>
> needed. But the GET request to
>
> https://token.services.mozilla.com/1.0/sync/1.5 returns me some extra
>
> data: 'hashed_fxa_uid', 'key', 'id'. I think 'key' and 'id' are used
>
> for the Hawk authentication
>
Right, they're the credentials used to authenticate requests to the Sync
storage server.
> but what about 'hashed_fxa_uid'?
>
This value is used for metrics purposes, it's included in the sync
telemetry ping as a lightly-anonymized user identifier. The sync telemetry
ping is documented here:
https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/data/sync-ping.html
And the "hashed_fxa_uid" value ends up as the "uid" field in this telemetry
ping.
Cheers,
Ryan
_______________________________________________
Sync-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/sync-dev
