-
Notifications
You must be signed in to change notification settings - Fork 120
Create signin context for standalone mobile fxa libs #5029
Comments
For context for FxA folk: these libraries will be used for prototyping new standalone mobile apps that want to integrate with the user's browser data. Our longer-term strategy is to try to move this integration to a more standard OAuth-style flow, which will give us finer control over what data is shared and how. But that's rather open-ended on our side, so the mobile team is moving forward in parallel using the existing sync login flows. |
cc @shane-tomlinson , let's chat about this when you are back... |
We discussed this and agreed it was broadly the Right Thing; rfk to follow up on the question of using WebChannels vs older custom events stuff. |
So @shane-tomlinson reminded me that the My understanding of what this would look like is:
@shane-tomlinson can you please sanity-check the above? [1] https://github.com/mozilla/fxa-content-server/blob/master/docs/relier-communication-protocols/fx-webchannel.md |
I got the WebChannel implementation working. However, |
Thanks @mcomella, I'm relieved to here there weren't any gotchas!
I assume you'll just want to skip this screen completely? When we define the new context values, we can add corresponding logic to tweak the flow as appropriate and avoid this screen. |
Sounds prefect, and sounds like @mcomella has already done it. 🕺
Like @rfk said, we can create the new brokers and have these screens skipped. I'll put that on my plate for first thing next week. |
To summarize: Two new context query parameters are needed, mob_ios_v1 and mob_android_v1. These will both use WebChannels to communicate with the app. Since both access "readonly" versions of Sync, they should skip the "choose what to sync" screen. Does this sound correct @mcomella? |
@mcomella - I was just reviewing the set of WebChannel commands sent for the signin flow. Will the library respond to the |
Correct.
I do currently but I'm returning true every time – my login component isn't aware of the account store so it's up to the user of the library to decide based on the account store state. I can see it being useful if we changed the library API though. ty! |
@mcomella - I'm putting together the new brokers for you and have a question regarding flow. How do the libraries handle users that must confirm their email, e.g., both sign up and sign in (usually) require an email verification to access Sync data. On login, we send the fxaccounts:login message with
|
@shane-tomlinson Our current flow when receiving
This is modeled after the current Firefox for iOS behavior. I wasn't aware that we could poll for the verification state but that sounds a lot better than forcing the user to close the login page themselves! That being said, I think it's the most correct to have FxA notify us when the verification completes. If that's not feasible or is too much work, I think polling will be fine. How would polling work? What message do we have to send to get the account state? |
ISTM it should be possible for us to send a webchannel message to notify when this completes - @shane-tomlinson? |
We don't have a WebChannel message for this currently, but it's not a problem to create one. |
I have implemented polling in the FxA account UI, once the user has verified their email address, we'll send you a new WebChannel message, Another question I had while writing functional tests is during the normal Sync signup, we display a page called Choose what to Sync that allows the users to select which Sync buckets they'd like to sync across their devices. Should this screen be displayed for apps that consume this library? I'm trying to put PR #5084 on https://stomlinson.dev.lcip.org so that you have an environment you can tests against. |
@mcomella - The PR is up and ready for you to test against when you get a chance! |
Sounds good!
No, this page should not be displayed (because we can't stop the application using the library from taking the sync tokens out of memory and downloading whatever information we want with it so we shouldn't give the user this guarantee).
I went to https://stomlinson.dev.lcip.org/signin?service=sync&context=mob_android_v1 (and tried again with |
We rebooted the server and I'm received WebChannel events. That being said, my response to the
My guesses that I'll look into:
|
Yeah, if messageId doesn't match, that'll cause the symptoms you see. return `${Date.now()}${++messageIdSuffix}`;
|
Turns out I was taking putting sending the messageId as a long to Java (thus it was 0) rather than taking a String - I fixed it (I don't understand why this worked with The new One issue I ran into is that fxaccounts:loaded is no longer fired. I'm not using it at the moment but it could be useful for mozilla-mobile/FirefoxData-android#2. I believe we have some WebView callbacks we can listen for for when the page loads but it's clearer to have the page tell you itself. @shane-tomlinson Is that something you can add back? |
This is mozilla/fxa-content-server#5029. messageId needed to be a String for this to work. For some reason, it was able to work before even though we casted it to long when we sent it to Java.
This is mozilla/fxa-content-server#5029. messageId needed to be a String for this to work. For some reason, it was able to work before even though we casted it to long when we sent it to Java.
Hmm, that's very strange. It's supposed to be sent universally, if that's not the case, I must have a whole in the functional test coverage. :/ I'll try to have that ready for you today. |
@mcomella - I just added some functional tests to ensure the |
Sorry, I think this was my bug again (ty for investigating!). I inject my JavaScript, which adds the fxa listeners, in the WebView's This build works for me – thanks @shane-tomlinson ! When do you expect it to merge to production? (fwiw, iOS may still want to use fxaccounts:loaded) |
This is mozilla/fxa-content-server#5029. messageId needed to be a String for this to work. For some reason, it was able to work before even though we casted it to long when we sent it to Java.
The earlier you can bind, the better. We send that message as soon as the first view is rendered, which is usually after DOMContentLoaded, but sometimes not by much.
I'll have the reviews begin today. We just cut a train, it'll unfortunately be 2 more weeks before we cut the next one, and another week before it goes to prod. If having this in prod sooner than that is imperative, let's talk. Thanks for working through this with me! |
@mcomella - if we changed the WebChannel message from |
@shane-tomlinson Nope! Go for it. |
…) r=@philbooth When the user verifies their email, a `fxaccounts:verified` message is sent over the WebChannel. fixes #5029
This is mozilla/fxa-content-server#5029. messageId needed to be a String for this to work. For some reason, it was able to work before even though we casted it to long when we sent it to Java.
We're creating an Android and iOS standalone fxa/Sync library. In the short term, these are to download read-only from Sync.
During the web flow sign in, we're currently using the context "fx_ios_v1" to initiate the postMessage interface (we modeled the login code after FF iOS).
We should create a new sign in context to differentiate these new libraries. I propose:
"mob_[platform]_v1"
e.g. "mob_ios_v1".
fwiw, I'd expect these libraries to be ready for use within the next few weeks (we'll use fx_ios_v1 until this bug is complete).
CC @liuche.
The text was updated successfully, but these errors were encountered: