Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
The Firefox Accounts authentication server.
JavaScript Shell Python Other
branch: master
Failed to load latest commit information.
bin allow the sns notifier to be disabled in config
config fix(mailer): split out the list of supported locales, for easier main…
crypto Refactor stat reporting to use opaque methods on each service.
db fix(httpdb): Set verifierSetAt for resetAccount()
docs Locked account updates.
grunttasks chore(release): add tasks "grunt version" and "grunt version:patch" t…
routes fix(logging): log emailRecord.uid as a hex string, not a byte array
scripts fix(mailer): add a soft check that we are using the same locales as c…
server updated hapi to 8.2.0
test fix(mailer): add some tests of various supported, unsupported and non…
tokens Remove unused data from the PasswordChangeToken class.
.gitignore reorganize test related files and removed unuse code
.jshintrc fixed jshint complaints
.travis.yml fix(travis): set --force flag on validate-shrinkwrap
AUTHORS Use Hapi's builtin config for the Strict-Transport-Security header
CHANGELOG Release v1.36.0 Update
Gruntfile.js chore(release): add tasks "grunt version" and "grunt version:patch" t…
LICENSE Add a proper copy of the MPL Update to show how to adjust log level
Vagrantfile changed vagrant synced_folder to rsync
bounces.js basket api notifier
customs.js Locked account updates.
error.js Locked account updates.
jwks.js Update from old jwcrypto to latest browserid-crypto.
log.js added a default uid to request.summary lines. fixes #755
mailer.js fix(mailer): split out the list of supported locales, for easier main…
npm-shrinkwrap.json Release v1.36.0
package.json Release v1.36.0
pool.js use err.message for pool errors when there's no body. closes #789
preverifier.js Update from old jwcrypto to latest browserid-crypto.
promise.js created promise.js for easy lib switching.
sqs.js basket api notifier

Firefox Accounts Server

Build Status

This project implements the core server-side API for Firefox Accounts. It provides account, device and encryption-key management for the Mozilla Cloud Services ecosystem.


Detailed design document

Detailed API spec

Guidelines for Contributing


  • node 0.10.x or higher
  • npm
  • pgrep
    • Usually available by default on Mac OS X 10.8+ and Linux.
    • On older versions of Mac OS X, get it via: brew install proctools.
  • libgmp
    • On Linux: install libgmp and libgmp-dev packages
    • On Mac OS X: brew install gmp


You'll need node 0.10.x or higher and npm to run the server. On some systems running the server as root will cause working directory permissions issues with node. It is recommended that you create a seperate, standard user to ensure a clean and more secure installation.

Clone the git repository and install dependencies:

git clone git://
cd fxa-auth-server
npm install

To start the server in dev mode (ie. NODE_ENV=dev), run:

npm start

This runs a script scripts/ as defined in package.json. This will start up 4 services, three of which listen on the following ports (by default):

  • bin/key_server.js on port 9000
  • test/mail_helper.js on port 9001
  • ./node_modules/fxa-customs-server/bin/customs_server.js on port 7000
  • bin/notifier.js (no port)

When you Ctrl-c your server, all 4 processes will be stopped.


Run tests with:

npm test
  • Note: stop the auth-server before running tests. Otherwise, they will fail with obscure errors.

Reference Client

Dev Deployment

There is a development server running the moz-svc-dev AWS environment, at the following address:

It is managed using awsbox. You can force-push a particular version of the code by doing:

$> git remote add api-dev-lcip-org
$> git push api-dev-lcip-org HEAD:master

The dev deployment is configured to send emails via Amazon SES. If you need to re-create, or want to stand up a similar server, you will need to:

  1. Obtain the SES SMTP credentials; ping @rfk or @zaach for details.
  2. Deploy the new machine using awsbox.
  3. Configure postfix to use the SES credentials:
    1. Edit /etc/postfix/sasl_passwd to insert the SES credentials.
    2. Run /usr/sbin/postmap /etc/postfix/sasl_passwd to compile them.
    3. Edit /etc/postfix/ to change 'relayhost' to the SES SMTP host (typically "").
    4. Run service postfix restart to restart postfix.

There is also a "bleeding edge" development server that is configured to auto-update itself from the latest github master. It may be useful for testing out new protocol changes, but should be considered unstable for general development use:


To set the url of the content server, edit config.json on your deployed instance and add:

"contentServer": {
  "url": ""


Firefox Accounts authorization is a complicated flow. You can get verbose logging by adjusting the log level in the config.json on your deployed instance. Add a stanza like:

"log": {
  "level": "trace"

Valid level values (from least to most verbose logging) include: "fatal", "error", "warn", "info", "trace", "debug".

MySQL setup

Install MySQL


Installation is easy with homebrew. I use mariadb which is a fork of mysql but either should work.

brew install mariadb

Follow the homebrew instructions for starting the server. I usually just do

mysql.server start


Install MySQL and start it.

Database Patches

Previously the database patches were contained in this repo and were run when the server started up (in development mode). However, there is a new backend service that this project will use as we go forward. Whilst the database connection and API code is still contained and used in this repo you should take a look at the fxa-auth-db-server repo for the SQL that you should run once you have your database set up, specifically the instructions on Creating the Database. Note where the schema patches live, in case you need them.

As we switch over to the httpdb backend, the instructions here and in the fxa-auth-db-server repo will be updated to clarify this. We know this isn't optimal for now but it is temporary during this transition.


Our test suite assumes mysql uses it's default configuration. See config/config.js for the override ENV variables if you have different root user password or other user. Now you should be able to run the test suite from the project root directory.

DB_BACKEND=mysql npm test

Or run the local server

DB_BACKEND=mysql npm start


You may want to clear the data from the database periodically. I just drop the database:

mysql -uroot -e"DROP DATABASE fxa"

The server will automatically re-create it on next use.

Using with FxOS

By default, FxOS uses the production Firefox Accounts server ( If you want to use a different account server on a device, you need to update a preference value identity.fxaccounts.auth.uri.

user_pref("identity.fxaccounts.auth.uri", "");
  • ./ push prefs.js


MPL 2.0

Something went wrong with that request. Please try again.