-
Notifications
You must be signed in to change notification settings - Fork 23
Build Oauth integration dev server #16
Comments
@seanmonstar, could you take this? If you haven't seen the awesomeness of dannybox yet, this would be a good place to start. |
This should use a different (new) playbook from the default |
Wasn't #12 about adding oauth/profile? |
Yes. By default the dev.yml installs all roles: auth, content, customs, db, oauth.... I think what @ckarlof is asking for here would only need oauth and maybe profile. I guess there's no harm in having everything installed but just configured to point to prod auth-server. I think the simplest thing would be to add these values to content_public_url: https://accounts.firefox.com
browserid_issuer: api.accounts.firefox.com I can do this pretty quickly if you don't feel like messing with this at the moment :) |
My first glance at #12 had my eyes glaze over at the sea of config :D |
I'll take this issue, but the easiest way to get started is to follow the aws instructions on the readme https://github.com/dannycoates/fxa-dev#aws there's a |
I had a couple goals:
|
@dannycoates, I got a friendly reminder from Marketplace that persistent tokens would be nice for their stage/dev integration, so let's prioritize this a bit higher: https://bugzilla.mozilla.org/show_bug.cgi?id=1007958#c2 |
I can switch the oauth awsbox to use the mysql driver instead of memory, if |
Given our (content server) deployment issues we've had on awsbox and the complexity of managing all the servers, I think it's a win to migrate to the fxa-dev environment. |
I've got a stack up at marketplace.dev.lcip.org, configured to point to production auth server but the CORS requests seem to be failing against api.accounts.firefox.com. |
When I configure it to use the production content server accounts.firefox.com fails to load https://oauth.firefox.com/v1/client/dcdb5ae7add825d2. which I assume is configured in the content server and not what we want |
whoops! something is configured to use http instead of https. should be an easy fix |
ok, now api.accounts.firefox.com is working but I still can't log into 123done-marketplace, I go through the login flow (seems successful) but just get redirected back without being logged in. @seanmonstar can you tell what's wrong? |
The fix to have content server use the correct hostname (oauth.accounts.firefox.com not oauth.firefox.com) will be in production today - https://github.com/mozilla-services/puppet-config/pull/608. However, there is no production stack for oauth.accounts.firefox.com built yet. |
There is a working stage oauth server in stage at oauth.stage.mozaws.net that can be used. |
Yeah, it looks close. @jrgm doesn't seem to be a content server issue because the user gets redirected back to 123done, but it falls after that. I checked the logs and this doesn't look good in
This happens when the 123done instance tries to fetch the user's profile using the oauth token. It looks like the profile server is having trouble verifying the oauth token. |
Does the profile server on that box use Both look problematic:
|
BOOM 💥 local.json was the issue. Thanks @ckarlof |
After #12 is ready, it would be nice to replace our existing dev Oauth integration infrastructure with a "dannybox". The existing one uses a memory DB for the Oauth DB and that's inconvenient for them.
This stack should use the production auth API server (api.accounts.firefox.com), like our existing awsbox.
The text was updated successfully, but these errors were encountered: