JavaScript HTML Other
Latest commit 09e2e00 Feb 22, 2017 @eoger eoger committed with vladikoff fix(push): don't wait on push methods to reply in account/devices/not…
…ify r=vladikoff

Fixes #1657
Failed to load latest commit information.
bin feat(api): add an endpoint for sending SMS messages Feb 16, 2017
config feat(api): add an endpoint for sending SMS messages Feb 16, 2017
docs fix(docs): Document that devices should reigster before attempting to… Feb 21, 2017
grunttasks fix(deps): update dev deps and latest eslint Sep 14, 2016
lib fix(push): don't wait on push methods to reply in account/devices/not… Feb 22, 2017
mailer chore(style): update eslint styles and .gitignore Feb 22, 2017
scripts fix(merge): update shrinkwrap and library refs Feb 21, 2017
test fix(push): don't wait on push methods to reply in account/devices/not… Feb 22, 2017
.dockerignore feat(docker): Add Dockerfile for self-hosting Jan 26, 2016 fix(dev): disable ip profile in dev (#1643) r=vbudhram Feb 10, 2017
.eslintrc test(lint): add lint for synchronous randomBytes usage Oct 27, 2016
.gitignore chore(style): update eslint styles and .gitignore Feb 22, 2017
.nsprc chore(nsp): remove exceptions (#1455) r=seanmonstar Sep 14, 2016
.travis.yml chore(ci): clean up travis ci files and docs Feb 22, 2017
AUTHORS chore(docs): update docs, AUTHORS Feb 22, 2017 Release v1.81.0 Feb 22, 2017 docs(contributing): Mention git commit guidelines Jan 21, 2016
Gruntfile.js chore(build): Replacing JSHint with ESLint Jun 19, 2015
LICENSE Add a proper copy of the MPL May 16, 2014 chore(docs): update mailer docs Feb 22, 2017
Vagrantfile changed vagrant synced_folder to rsync Mar 11, 2014
circle.yml feat(ci): add config for cross-repo testing Jan 26, 2017
npm-shrinkwrap.json fxa-auth-mailer repository merge Feb 22, 2017
package.json fxa-auth-mailer repository merge Feb 22, 2017

Firefox Accounts Server

Build Status

This project implements the core server-side API for Firefox Accounts. It provides account, device and encryption-key management for the Mozilla Cloud Services ecosystem.


Detailed design document

Detailed API spec

Guidelines for Contributing


  • node 4.5.0 or higher
  • npm 2
  • Grunt
  • postfix


On some systems running the server as root will cause working directory permissions issues with node. It is recommended that you create a separate, standard user to ensure a clean and more secure installation.

Clone the git repository and install dependencies:

git clone git://
cd fxa-auth-server
npm install

To start the server in dev memory store mode (ie. NODE_ENV=dev), run:

npm start

This runs a script scripts/ as defined in package.json. This will start up 4 services, three of which listen on the following ports (by default):

  • bin/key_server.js on port 9000
  • test/mail_helper.js on port 9001
  • ./node_modules/fxa-customs-server/bin/customs_server.js on port 7000
  • bin/notifier.js (no port)

When you Ctrl-c your server, all 4 processes will be stopped.

To start the server in dev MySQL store mode (ie. NODE_ENV=dev), run:

npm run start-mysql


Run tests with:

npm test

To select a specific glob of tests to run:

npm test -- test/local/account_routes.js test/local/password_*
  • Note: stop the auth-server before running tests. Otherwise, they will fail with obscure errors.


The mailer library is located in mailer/ directory.

The emails are written to postfix which tends sends them off to SES.

The auth-mailer also includes a restify API to send emails, but the auth server is using it as a library at the moment.

Changing Templates

If you are changing or adding templates then you need to update .html and .txt templates. In mailer/, use the /partials directory to make changes to the HTML templates, then run grunt templates to regenerate the template. This saves the HTML template into /templates. Then make changes to the .txt template in the /templates directory.


After updating a string in one of the templates in ./mailer/templates you'll need to extract the strings. Follow the instructions at mozilla/fxa-content-server-l10n.


Use the FXA_L10N_SHA to pin L10N files to certain SHA. If not set then the master SHA will be used.

Reference Client

Dev Deployment

Refer to


Configuration of this project is managed by convict, using the schema in config/index.js.

Default values from this schema can be overridden in two ways:

  1. By setting individual environment variables, as indicated by the env property for each item in the schema.

    For example:

    export CONTENT_SERVER_URL=""
  2. By specifying the path to a conforming JSON file, or a comma-separated list of paths, using the CONFIG_FILES environment variable. Files specified in this way are loaded when the server starts. If the server fails to start, it usually indicates that one of these JSON files does not conform to the schema; check the error message for more information.

    For example:

    export CONFIG_FILES="~/fxa-content-server.json,~/fxa-db.json"


Firefox Accounts authorization is a complicated flow. You can get verbose logging by adjusting the log level in the config.json on your deployed instance. Add a stanza like:

"log": {
  "level": "trace"

Valid level values (from least to most verbose logging) include: "fatal", "error", "warn", "info", "trace", "debug".

Database integration

This server depends on a database server from the fxa-auth-db-mysql repo. When running the tests, it uses a memory-store that mocks behaviour of the production MySQL server.


MPL 2.0