Fx Desktop "Sign in to the Web" Update

Jared Hirsch 6a68 at mozilla.com
Wed Oct 16 16:06:30 PDT 2013


On Oct 16, 2013, at 2:54 PM, Austin King <ozten at mozilla.com> wrote:

> Howdy,
> What is going on with Persona for Desktop Firefox?
> 
> Background: Many awesome platform devs (khuey, ddhal, mattn, etc) have done substantial work towards making Persona native to Desktop. In B2G land, jedp et al landed a more remote approach, doing amazing work under tight deadlines.
> 
> Landing Persona (sign in to the web, specifically) in Desktop is an important step towards our Persona adoption story. Desktop has taken the backseat to B2G, but we now have one committed full time staff to focus on landing it.
> 
> Goal:
> Get Fx Desktop Persona in to people's hands as soon as possible, while still maintaining Desktop performance and security.
> 
> Our strategy - MattN and I worked closely on a Hybrid approach for landing Persona. It's not the original 100% native plan, nor is it exactly the B2G approach
> 
> Hybrid Overview:
> * Identity Picker - Native in doorhanger
> * Discovery - New WSAPI web service provided by the existing Persona server
> * Fallback IdP - Persona server becomes a real IdP
> ** /.well-known/browserid has provisioning and authentication urls
> ** These can be used by Fx and other SDK / applications in the future
> * Provisioning / Authentication flows for primary or secondary email addresses are loaded in the same way, a popup controlled via chrome [1]
> 
> Various details fall out of this plan either as remote components or native components on a case by case basis.
> 
> Timing:
> 1) Land Persona server changes (Issue#2497)
> 2) Get awsbox deployment up while #1 is in progress
> 3) (Re-)Land Persona on Fx Desktop (hg branch TBD pointing at Persona dev server or awsbox instance)
> 4) Get into Fx Desktop UX nightly branch
> 5) Iterate on Persona server and Desktop code as needed with UX
> 6) Land polished Persona in Aurora (feature preffed off)
> 7) Land polished Persona in Nightly (feature preffed on)
> 8) MFBT
> 
> Re-land??? :
> We're starting from a previous hg revision that had already landed, and parts of which were later reverted.
> That, plus a few new tweaks.
> The goal is to get back to a healthy place with Desktop Fx for bugzilla, hg, and UX.
> This starts with a big gnarly patch (most of which was already r+ in the past). Watch Bug#845546 over the coming weeks.
> After step 4, we'll resume filing specific bugs, have small patches, and try to leverage the platform team as we can.
> 
> Fallback IdP Notes:
> We should be able to aggressively land the server side changes, because only specific builds of Desktop with a feature preference set, will use it. From a maintenance perspective, the provisioning and authentication flows will reuse the shim modules and abstractions with minimal code duplication. Same for HTML and CSS, but this may change of course.
> 
> The existing shim continues to exist as is (we don't use the new provisioning and auth urls) to optimize shim performance.
> 
> This summary is to document a conversation Jared and I had. _6a68 please add anything that I missed.

Looks like a good summary to me.

As I've mentioned in the bug and related threads, I'm happy to help review/fixup and land the server-side changes. The pull request[1] contains the new discovery wsapi as well as the IdP extraction stuff. Interested people can watch that or the parent bug[2].

One question I didn't ask--aside from landing server-side changes, what else is blocking you? do you need the specs finalized? Spec work is a proposed Q4 goal[3] for the signin team, it's helpful if we can be explicit about the changes needed to unblock you (or clarify that you aren't blocked on this). (Might be good to take this part of the discussion to a different thread?)

Cheers,

Jared

[1] https://github.com/mozilla/browserid/pull/3982
[2] https://github.com/mozilla/browserid/issues/2497
[3] https://id.etherpad.mozilla.org/q4-sprint2-focus starting at line 32

> 
> It is easy to confuse this work with Android, Fx Accounts, Sign in to the Browser/Device and other native work.
> The scope of this work is Sign in to the Web on Desktop.
> 
> CCing sync-dev as Jared suggested.

sync-dev peoples, please holler if this is not a useful thread to you. I suspect a little more cross-team summary communication will help us understand wtf is happening a bit better, but perhaps it just seems like lowering signal/noise ratio.

> 
> Most Recent Native Team Update:
> http://ozten.com/random/identity/Native-Desktop/Desktop-Sept17.webm
> 
> I'll send these updates to dev-identity from now on.
> 
> thanks!
> ozten
> 
> [1] This is subject to change after UX feedback cycles of course
> _______________________________________________
> dev-identity mailing list
> dev-identity at lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-identity



More information about the Sync-dev mailing list