FxA timelines and you

Fernando Jiménez Moreno ferjmoreno at gmail.com
Fri Oct 18 06:30:47 PDT 2013

On 17/10/2013, at 17:48, Fabrice Desré <fabrice at mozilla.com> wrote:

> On 10/17/2013 05:34 AM, Fernando Jiménez Moreno wrote:
>> On 17/10/2013, at 06:28, Fabrice Desré <fabrice at mozilla.com> wrote:
>>> The nav.id implementation is "kind of" remoted, in the sense that it
>>> works oop, but it relies on the security UI in b2g that spawns a new
>>> process to load network resources. That's very suboptimal, and in no way
>>> can we add yet another process for FxA (eg.
>>> https://docs.google.com/file/d/0B0Az-aXpSyQJZ2xCdWRwWTNoRDQ/edit?usp=sharing&pli=1
>>> looks very nice, but will likely not work well). This thing will blow up
>>> with no rescue team on target devices currently deployed.
>> I think there might be a general confusion about Persona vs FxA implementations in FxOS.
>> You are describing the implementation of a Persona flow. The FxA flow, even if it will use the same API (with a few tweaks) it's going to be a bit different and it won't open the Trusted UI or use any remotely hosted content.
> The diagram at
> https://docs.google.com/file/d/0B0Az-aXpSyQJZ2xCdWRwWTNoRDQ/edit?usp=sharing&pli=1
> is not about persona, it shows the FxA app as a standalone app using IAC.

Indeed. And it says nothing about the Trusted UI or any loaded network resources :)

>> Lloyd wrote a few words about the proposed architecture at [1] and [2]. But basically, in a few words, the big picture of the FxA flow would be something like:
>> 1- A RP with a FxA <meta> or a FxA manifest field (still to be discussed) requests a login via nav.id.request() API.
>> 2- The nsIDOMIdentity component handle this request and notice the <meta> or manifest bits, so it takes the FxA path.
>> 3- A "fxacct-login" or similar system message is sent to content and handled by the FxA app (OOP certified app).
>> 4- The FxA app communicates with the FxA service via its own REST API and does all the Persona magic to finally get a Persona assertion that is delivered to the RP via the usual nav.id callbacks.
> How does that magic part work? Is this still using the current setup
> with a dedicated process? If so, you have : the FxA app, the nav.id oop
> frame, and probably the oop keyboard at some point (oh, and the
> homescreen and cost control apps are still trying to not be killed also).

With the current setup, there will be a dedicated process for the FxA app but there won't be any nav.id OOP frame. As I previously mentioned the current FxOS Persona implementation (Trusted UI loading the remotely hosted Persona flow from the network) will *not* be involved in the proposed FxA flow.

In any case, I agree with your previous comment about the potential benefits of placing as much code as possible into the platform for this flow. I had a couple of IRC conversations with Jed and Lloyd about this and this is what I know so far:

1. The FxA app is a must to have cause we need to show an UI for the sign-up process.  Unless we build this UI in the System app. but I'll assume that the independent app option is the preferred one.
2. For doing all of this Persona magic, about which I am mostly ignorant but Lloyd and/or Jed can probably explain (please do :) ),  the FxA app has two dependencies: jwcrypto [1] and [2] gherkin.
2.1 jwcrypto is already in Gecko [3] \o/.
2.2 gherkin is a complete new thing to me but seems to be the JS client for this API [4] and it seems to be pending some minification work if it is intended to be loaded within the FxA app. It would be great to know if the entire lib is needed or only a few specific parts (Jed, Lloyd?).

So given the above, I was wondering if we could have an alternative architecture like this one:

1. Move all the Persona magic client side work that is supposed to be done by the FxA app to the platform (that might be mostly what gherkin currently does I guess).
2. Build and expose a FxA DOM API for certified apps only.
3. Turn the FxA app into UI related stuff only and make it consume the FxA DOM API.
4. Make FTU and Settings also consume the FxA DOM API.

What I think are Benefits of this approach:

1. We get rid of the IAC API dependency, which means:
1.1. Simplicity.
1.2. A shorter messaging path. We won't need the System app as a proxy or direct communication between FTU <-> FxA app or Settings <-> FxA app.
1.3. No instances of MozInterAppMessagePort.
1.4. no [5] issue.
2. We don't duplicate the jwcrypto dependency in the content side as we already have it in Gecko.
3. We don't need to launch a new process for the sign-up flow from FTU and Settings or for the consumption of an already signed in account from a RP.
4. We make the FxA process lighter as it would only host the UI for the sign-up process and the FxA DOM API consumer parts.

A couple of random clarifications:

1. I still don't know how this FxA DOM API would look like. I have a remote idea about it, but I'll need to check with Lloyd, Jed and others before.
2. RPs will still use the Persona API (plus the <meta> or manifest thing already mentioned). The FxA DOM API is intended only to allow certified apps to do the required account management work.

Let me know if this makes sense, please.


/ Fernando

[1] https://github.com/mozilla/jwcrypto
[2] https://github.com/mozilla/picl-gherkin
[3] https://mxr.mozilla.org/mozilla-central/source/toolkit/identity/jwcrypto.jsm
[4] https://github.com/mozilla/picl-idp/blob/master/docs/api.md
[5] https://www.w3.org/Bugs/Public/show_bug.cgi?id=23327

More information about the Sync-dev mailing list