This repository has been archived by the owner. It is now read-only.

Retrieve user's email address at a later time (post login) #962

Closed
kumar303 opened this issue Jun 10, 2015 · 5 comments

Comments


@kumar303 kumar303 commented Jun 10, 2015

Our use case in payments is as follows:

  • accept an access token from a 3rd party who wishes to begin payment
    • this must have the scopes profile:email payments
  • verify the access token, save some user details to database
  • process the payment for a recurring subscription
    • the credit card info is saved securely by our provider so it can be charged each month
  • time passes and we maybe receive a failed subscription notice.
  • we want to email the user telling them about it
    • (there are a couple other events like this that we want to email the user about)

We're trying to think of a way to implement this without saving the email address in our database since it's PII. Ideally we'd like to store the FxA user ID and just look up the email when we need to send emails. Any ideas for how to do this?

cc @andymckay @rfk

Member

@shane-tomlinson shane-tomlinson commented Jun 11, 2015

Is this a case for a refresh token?

Member

@rfk rfk commented Jun 11, 2015

Unfortunately refresh tokens won't work here, as this is the payments service rather than a relier. They accept access_tokens generated by other reliers for auth, but will never see a refresh token.

One option here would be to privilege the payments backend, and allow it to generate special backend service tokens that can read email addresses on demand. Similar to #957 (comment). But we seem to be wanting to do that a lot lately, so it may be worth thinking about alternatives rather than special-casing all the things...

Member

@rfk rfk commented Feb 2, 2016

This is now possible using our service-tokens feature - specially-configured reliers can exchange a signed JWT for an OAuth token and use that to retrieve the user's email address without having the user in the loop.

@rfk rfk closed this Feb 2, 2016
@rfk rfk removed the waffle:backlog label Feb 2, 2016
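
The signed-JWT-for-token exchange mentioned in the comment above, shown as a generic RFC 7523 JWT bearer grant in Node.js with both the service's assertion and the checks the authorization server applies. This is an added example, not code from the FxA project or from anyone in this thread. The issuer, audience URL, user id, key pair, the `scope` claim and all function names are assumptions, and FxA's actual service-token parameters do not appear on this page.

```javascript
// Added example: generic RFC 7523 JWT bearer assertion, not FxA's own code.
const crypto = require('node:crypto');
const b64url = (value) => Buffer.from(value).toString('base64url');

// Constructed key pair. A real service registers the public key with the
// authorization server and keeps the private key in a secrets store.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Service side: short-lived assertion naming one stored user id (no e-mail kept).
function buildAssertion(uid, now = Math.floor(Date.now() / 1000)) {
  const claims = {
    iss: 'payments.example',               // hypothetical service identifier
    aud: 'https://oauth.example/v1/token', // hypothetical token endpoint
    sub: uid,
    scope: 'profile:email',                // assumed claim carrying the requested scope
    iat: now, exp: now + 60, jti: crypto.randomUUID(),
  };
  const head = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const input = `${head}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${b64url(crypto.sign('RSA-SHA256', Buffer.from(input), privateKey))}`;
}

// Form body of the token request (RFC 7523 section 2.1).
function tokenRequestBody(assertion) {
  const grant = 'urn:ietf:params:oauth:grant-type:jwt-bearer';
  return new URLSearchParams({ grant_type: grant, assertion }).toString();
}

// Server side: checks made before an access token is issued for the assertion.
function verifyAssertion(jwt, key, expected, now = Math.floor(Date.now() / 1000)) {
  const parts = jwt.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, c, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== 'RS256') return { ok: false, reason: 'alg' }; // pin the algorithm
  const sig = Buffer.from(s, 'base64url');
  if (!crypto.verify('RSA-SHA256', Buffer.from(`${h}.${c}`), key, sig)) {
    return { ok: false, reason: 'signature' };
  }
  const claims = JSON.parse(Buffer.from(c, 'base64url').toString());
  if (claims.iss !== expected.iss || claims.aud !== expected.aud) {
    return { ok: false, reason: 'iss/aud' };
  }
  if (typeof claims.exp !== 'number' || claims.exp <= now) return { ok: false, reason: 'expired' };
  return { ok: true, claims };
}
```

The resulting access token is used once to read the e-mail address and then discarded, so the service's database holds only the user id.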
Author

@kumar303 kumar303 commented Feb 3, 2016

jason-i-love-it

Author

@kumar303 kumar303 commented Feb 3, 2016

Thanks! Our first priority will probably be synchronizing emails in AMO mozilla/addons-server#1609
