<div dir="ltr"><div>Thanks Remy, this phrase "<font size="1">Note that you cannot use the same Hawk-Session-Token for both FxA server and loop-server</font>" answers a lot of my questions. But according to Loop Server documentation <a href="https://docs.services.mozilla.com/loop/apis.html#post-registration">https://docs.services.mozilla.com/loop/apis.html#post-registration</a></div><div><p style="line-height:1.5em;color:rgb(62,67,73);font-family:OpenSans,sans-serif"><strong><font size="1">May require authentication</font></strong></p><p style="line-height:1.5em;color:rgb(62,67,73);font-family:OpenSans,sans-serif"><font size="1">You don’t <em>need</em> to be authenticated to register. In case you don’t register with a Firefox Accounts assertion or a valid hawk session, you’ll be given an hawk session token and be connected as an anonymous user.</font></p><p style="line-height:1.5em;color:rgb(62,67,73);font-family:OpenSans,sans-serif"><font size="1">This hawk session token should be derived by the client and used for subsequent requests.</font></p><p style="line-height:1.5em;font-family:OpenSans,sans-serif"><font size="1"><font color="#ff0000">You can currently authenticate by sending a valid Firefox Accounts assertion</font><font color="#3e4349"> or a valid Hawk session.</font></font></p></div><div>Just give me please any hint on how can I authenticate to the Loop Server with existing Firefox Account from NodeJS without usage of Firefox Browser?</div><div><br></div><div><br></div><div>Yes, I have read this <a href="https://blog.mozilla.org/services/2015/02/05/whats-hawk-and-how-to-use-it/" target="_blank" style="font-size:12.8000001907349px">https://blog.mozilla.org/services/2015/02/05/whats-hawk-and-how-to-use-it/</a> and a lot of different topics about hawk, fxa-*server, etc, but none of them helped me to get what I am trying to do</div><div>Yes, hawk-session-token derived from key <span style="font-family:monospace;font-size:10.4000005722046px">292e2d34c191b4c1771e9e0b809cbc</span><span style="font-family:monospace;font-size:10.4000005722046px">966f7d5fb79713d49da33a5fd69939</span><span style="font-family:monospace;font-size:10.4000005722046px">bfef </span>material is correct, here is full derivation function response:</div><div><div><font face="monospace, monospace" size="1">{ algorithm: 'sha256',</font></div><div><font face="monospace, monospace" size="1"> id: 'aac4bcd41ac8716f415ff97626eab2a258b254bef34da9347f83f58638c30d50',</font></div><div><font face="monospace, monospace" size="1"> key: </font></div><div><font face="monospace, monospace" size="1"> [ 1949323351,</font></div><div><font face="monospace, monospace" size="1"> -58130331,</font></div><div><font face="monospace, monospace" size="1"> 474784072,</font></div><div><font face="monospace, monospace" size="1"> 339128219,</font></div><div><font face="monospace, monospace" size="1"> 1362991817,</font></div><div><font face="monospace, monospace" size="1"> 1147320820,</font></div><div><font face="monospace, monospace" size="1"> -246940133,</font></div><div><font face="monospace, monospace" size="1"> 96701117 ],</font></div><div><font face="monospace, monospace" size="1"> bundleKey: [] }</font></div></div><div><br></div><div>Best regards,</div><div>Alex K.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Apr 15, 2015 at 2:57 PM, Rémy Hubscher <span dir="ltr"><<a href="mailto:rhubscher@mozilla.com" target="_blank">rhubscher@mozilla.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Note that you cannot use the same Hawk-Session-Token for both FxA
server and loop-server.<br>
<br>
To obtain the loop hawk-session-token you need to call the loop
registration endpoint.<br>
<br>
<tt>$ http POST <a href="https://loop.stage.mozaws.net/v0/registration" target="_blank">https://loop.stage.mozaws.net/v0/registration</a></tt><tt><br>
</tt><tt>HTTP/1.1 200 OK</tt><tt><br>
</tt><tt>Access-Control-Expose-Headers: Hawk-Session-Token</tt><tt><br>
</tt><tt>Connection: keep-alive</tt><tt><br>
</tt><tt>Content-Type: application/json</tt><tt><br>
</tt><tt>Date: Wed, 15 Apr 2015 11:53:44 GMT</tt><tt><br>
</tt><tt>Hawk-Session-Token:
292e2d34c191b4c1771e9e0b809cbc966f7d5fb79713d49da33a5fd69939bfef</tt><tt><br>
</tt><tt>Timestamp: 1429098824</tt><tt><br>
</tt><tt>Transfer-Encoding: chunked</tt><tt><br>
</tt><tt>Vary: Origin</tt><tt><br>
</tt><tt><br>
<br>
</tt>There you've got the Hawk-Session-Token for the loop server.<br>
<br>
Then you can use it:<br>
<br>
<tt>$ http GET <a href="https://loop.stage.mozaws.net/v0/rooms" target="_blank">https://loop.stage.mozaws.net/v0/rooms</a> --auth-type
hawk --auth
292e2d34c191b4c1771e9e0b809cbc966f7d5fb79713d49da33a5fd69939bfef:
-v</tt><tt><br>
</tt><tt>GET /v0/rooms HTTP/1.1</tt><tt><br>
</tt><tt>Accept: */*</tt><tt><br>
</tt><tt>Accept-Encoding: gzip, deflate</tt><tt><br>
</tt><tt>Authorization: Hawk
mac="/1lHuWiNlWQGSC3ORwlMb1N8uF/YYW7QS3q+1lQpjE0=",
hash="B0weSUXsMcb5UhL41FZbrUJCAotzSI3HawE1NPLRUz8=",
id="aac4bcd41ac8716f415ff97626eab2a258b254bef34da9347f83f58638c30d50",
ts="1429098887", nonce="V4W6F5"</tt><tt><br>
</tt><tt>Connection: keep-alive</tt><tt><br>
</tt><tt>Host: <a href="http://loop.stage.mozaws.net" target="_blank">loop.stage.mozaws.net</a></tt><tt><br>
</tt><tt>User-Agent: HTTPie/0.8.0</tt><tt><br>
</tt><tt><br>
</tt><tt><br>
</tt><tt><br>
</tt><tt>HTTP/1.1 200 OK</tt><tt><br>
</tt><tt>Connection: keep-alive</tt><tt><br>
</tt><tt>Content-Length: 2</tt><tt><br>
</tt><tt>Content-Type: application/json; charset=utf-8</tt><tt><br>
</tt><tt>Date: Wed, 15 Apr 2015 11:54:47 GMT</tt><tt><br>
</tt><tt>ETag: W/"2-d4cbb29"</tt><tt><br>
</tt><tt>Server-Authorization: Hawk
mac="Zke17nF5wHqY6mSUMVFhQ6a2eP5ckCdJkN2MOVsD05Q="</tt><tt><br>
</tt><tt>Timestamp: 1429098887</tt><tt><br>
</tt><tt>Vary: Origin</tt><tt><br>
</tt><tt><br>
</tt><tt>[]</tt><tt><br>
</tt><br>
Can you confirm that when you derive the <tt>292e2d34c191b4c1771e9e0b809cbc966f7d5fb79713d49da33a5fd69939bfef</tt>
hawk-session-token you've got the <tt>id="aac4bcd41ac8716f415ff97626eab2a258b254bef34da9347f83f58638c30d50"</tt>
?<br>
<br>
Have you seen this blog post?
<a href="https://blog.mozilla.org/services/2015/02/05/whats-hawk-and-how-to-use-it/" target="_blank">https://blog.mozilla.org/services/2015/02/05/whats-hawk-and-how-to-use-it/</a><div><div class="h5"><br>
<br>
<br>
<div>Le 15/04/2015 13:49, Oleksandr Kyetov a
écrit :<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Thank you for reply Remy,</div>
<div><br>
</div>
<div>Yes, I played a lot with hawk:<br>
</div>
<div>- hawk library (<a href="https://www.npmjs.com/package/hawk" target="_blank">https://www.npmjs.com/package/hawk</a>)</div>
<div>- also with function which is used by Firefox Accounts (<a href="https://github.com/mozilla/fxa-content-server/blob/master/app/scripts/lib/hkdf.js" target="_blank">https://github.com/mozilla/fxa-content-server/blob/master/app/scripts/lib/hkdf.js</a>)</div>
<div><br>
</div>
<div>In both cases derived Hawk-Session-Token is good for
calling fxa-auth-server endpoints (e.g. <a href="https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#get-v1sessionstatus" target="_blank">https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#get-v1sessionstatus</a>)</div>
<div>But when I call Loop Server endpoints (e.g. <a href="https://docs.services.mozilla.com/loop/apis.html#post-call-url" target="_blank">https://docs.services.mozilla.com/loop/apis.html#post-call-url</a>)
with same Hawk-Session-Token, I get <span style="font-size:x-small">Unauthorized </span>error</div>
<div><br>
</div>
<div>The main thing I am concern about right now</div>
<div>
<blockquote type="cite" style="color:rgb(80,0,80)">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr">
<div style="font-size:12.8000001907349px">- is it
even possible to call <a href="https://docs.services.mozilla.com/loop/apis.html#post-call-url" target="_blank">https://docs.services.mozilla.com/loop/apis.html#post-call-url</a> with
hawk credentials derived from session token
recieved from <a href="https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#post-v1accountlogin" target="_blank">https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#post-v1accountlogin</a>?</div>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
<div>I feel that I reached a dead end, so if you can confirm
that question above is possible and doable, I will be
investigating further</div>
<div><br>
</div>
<div>If you can provide some relevant example of doing that - it
would make my life much easier</div>
<div><br>
</div>
<div>Thank you in advance,</div>
<div>Alex K.</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Apr 15, 2015 at 2:24 PM, Rémy
Hubscher <span dir="ltr"><<a href="mailto:rhubscher@mozilla.com" target="_blank">rhubscher@mozilla.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Hi Alex,<br>
<br>
Did you had a look at <a href="https://www.npmjs.com/package/express-hawkauth#how-are-the-shared-credentials-shared" target="_blank">https://www.npmjs.com/package/express-hawkauth#how-are-the-shared-credentials-shared</a>
?<br>
<br>
It is the way to derive the Hawk-Session-Token as hawk
credentials.<br>
<br>
Also you can use the hawk module to build your Hawk
headers. <a href="https://www.npmjs.com/package/hawk" target="_blank">https://www.npmjs.com/package/hawk</a><br>
<br>
Regards,<br>
<br>
Rémy
<div>
<div><br>
<br>
<div>Le 15/04/2015 13:08, Oleksandr Kyetov a écrit :<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Hi, Firefox Team,</div>
<div><br>
</div>
<div>I hate being annoying, any information on
the e-mail below will be really helpful, as I
tried everything what I could come up with</div>
<div><br>
</div>
Thank you in advance,
<div>Alex K.<br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Apr 8, 2015
at 10:15 PM, Oleksandr Kyetov <span dir="ltr"><<a href="mailto:oleksandr.kyetov@gmail.com" target="_blank">oleksandr.kyetov@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr"><span style="font-size:12.8000001907349px">Guys,
thatns you for response,</span>
<div>
<div>
<div style="font-size:12.8000001907349px"><br>
</div>
<div style="font-size:12.8000001907349px">It
really helped me a lot, and I
let myself play a little with:</div>
<div style="font-size:12.8000001907349px"><a href="https://github.com/mozilla/fxa-oauth-server" target="_blank">https://github.com/mozilla/fxa-oauth-server</a></div>
<div style="font-size:12.8000001907349px"><a href="https://github.com/mozilla/fxa-auth-server" target="_blank">https://github.com/mozilla/fxa-auth-server</a></div>
<div style="font-size:12.8000001907349px"><br>
</div>
<div style="font-size:12.8000001907349px">But,
unfortunately it is not quite
what I need</div>
<div style="font-size:12.8000001907349px"><br>
</div>
<div style="font-size:12.8000001907349px">My
context is next:</div>
<div style="font-size:12.8000001907349px">1)
There is no client UI at all</div>
<div style="font-size:12.8000001907349px">2)
I have Firefox Account
credentials stored in the
backend</div>
<div style="font-size:12.8000001907349px">3)
Backend written via NodeJS</div>
<div style="font-size:12.8000001907349px"><br>
</div>
<div style="font-size:12.8000001907349px">The
flow is next:</div>
<div style="font-size:12.8000001907349px">1)
Something call backend server;</div>
<div style="font-size:12.8000001907349px">2)
fxa-auth-server endpoint <a href="https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#post-v1accountlogin" target="_blank">https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#post-v1accountlogin</a> called,
which returns session token</div>
<div style="font-size:12.8000001907349px">3)
Hawk credentials is derived from
session token received in step
2)</div>
<div style="font-size:12.8000001907349px"><br>
</div>
<div style="font-size:12.8000001907349px">What
I can do using Hawk credentials
from step 3):</div>
<div style="font-size:12.8000001907349px">4a)
Call <a href="https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#get-v1sessionstatus" target="_blank">https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#get-v1sessionstatus</a> to
get session status</div>
<div style="font-size:12.8000001907349px">5b)
Call <a href="https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#post-v1sessiondestroy" target="_blank">https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#post-v1sessiondestroy</a> to
destroy session</div>
<div style="font-size:12.8000001907349px"><br>
</div>
<div style="font-size:12.8000001907349px">What
I want be able to do using Hawk
credentials from step 3)</div>
<div style="font-size:12.8000001907349px">
<div>4b) Call <a href="https://docs.services.mozilla.com/loop/apis.html#post-call-url" target="_blank">https://docs.services.mozilla.com/loop/apis.html#post-call-url</a> to
get call url</div>
<div>But the only thing I
receive from Loop Server:</div>
<div>
<div><font size="1">{</font></div>
<div><font size="1"><span style="white-space:pre-wrap">
</span>"code": 401,</font></div>
<div><font size="1"><span style="white-space:pre-wrap">
</span>"errno": 110,</font></div>
<div><font size="1"><span style="white-space:pre-wrap">
</span>"error": {</font></div>
<div><font size="1"><span style="white-space:pre-wrap">
</span>"statusCode": 401,</font></div>
<div><font size="1"><span style="white-space:pre-wrap">
</span>"error":
"Unauthorized",</font></div>
<div><font size="1"><span style="white-space:pre-wrap">
</span>"message": "Unknown
credentials"</font></div>
<div><font size="1"><span style="white-space:pre-wrap">
</span>}</font></div>
<div><font size="1">}</font></div>
</div>
<div><br>
</div>
<div>So I here are more concrete
questions:</div>
<div>- is it even possible to
call <a href="https://docs.services.mozilla.com/loop/apis.html#post-call-url" target="_blank">https://docs.services.mozilla.com/loop/apis.html#post-call-url</a> with
hawk credentials derived from
session token recieved from <a href="https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#post-v1accountlogin" target="_blank">https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#post-v1accountlogin</a>?</div>
<div>- if it is possible - what
I am doing wrong?</div>
<div>- if it is not possible -
what are other ways? (except
FxA OAuth)</div>
<div><br>
</div>
<div>P.S. I create test
application to give an idea
what I am doing: <a href="https://github.com/oleksandrkyetov/test-app-server" target="_blank">https://github.com/oleksandrkyetov/test-app-server</a></div>
<div><br>
Thanks in advance,</div>
<div>Alex K.</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</blockquote>
<br>
</div></div></div>
</blockquote></div><br></div>