Firefox Accounts for Discourse

leo · November 2, 2015, 5:14pm

With Pocket now supporting Firefox Accounts, it looks like Mozilla is opening it up to third parties. With Persona possibly being discontinued at some point in the future, I think it makes a lot of sense for us to find out if we can get access to the API, and if we can’t, ask why.

One problem I envisage with our implementation is the question of what emails people have signed up to Firefox Accounts with and what emails people have signed up to Discourse with. Personally, I use my gmail address with Firefox Accounts - which would be a problem when signing in here, because here I use my community gapps address and, unlike Persona, Firefox Accounts doesn’t support mutliple emails per account. Because of this, I think it makes sense to tie Firefox Accounts in with SSO. This would mean I could sign into the SSO server with my Firefox Account, which would then sign me into multiple Discourse instances (no matter what email address is registered locally) with SSO.

Thoughts?

logan · May 27, 2015, 4:59am

I don’t think we should worry about switching authentication systems until Mozilla announces an EOL of Persona (for which they said there would be a year’s notice). If that happens, they will almost definitely provide a migration path to Firefox Accounts, assuming it is open to third parties. AFAIK, the Pocket use of FxA is something custom that was worked on directly with Mozilla, and it’s not open for just anyone to use.

meteor · May 27, 2015, 7:10am

Firefox Accounts

tad · May 27, 2015, 9:08am

Can we implement without replacing?

We shouldn’t replace Persona yet, but if we can have both, then I’d be happy with that.

Sounds like we might be able to do this with SSO, am I right? I have more thoughts but I expect my connection to drop in about 8 minutes (I take this train route a lot) and I don’t want to have to race to finish writing

leo · May 28, 2015, 2:04pm

As @tad said we can have both with SSO, as well as adding (if we want to) support for Yahoo login, or w/e.

I think it’s important that we do this before Persona becomes EOLed because, as we saw with the recent Persona problem, relying on a single auth system can put us in a tricky situation if it breaks.

We’re not “just anyone”, are we?

majken · May 29, 2015, 1:14am

I think we have generally agreed that we’re in the same boat as Mozillians. I don’t think we should try to make any changes until Mozillians and Reps have to as well.

majken · May 30, 2015, 3:45pm

I guess I should clarify, if someone is really interested in trying to get it work then of course they should pursue an interest. I’m just saying I don’t believe we should necessarily prioritize it or plan for it right now compared to the other things in the list.

leo · June 11, 2015, 12:02am

I guess I wasn’t good a researching before I made the first post, but I stumbled upon this today:

leo · November 2, 2015, 5:17pm

The SSO stuff above isn’t relevant anymore, but:

I’ve tested all can, since the development creds I got had a space in the callback uri (leading the browser to be redirected back to /callback ?foo=bar, and erroring out), and I’ll test the rest once that’s fixed.

We need to file a bug to get access to staging/prod.

desktopd · April 2, 2016, 6:40am

Reviving the topic.

Though we loved Persona (BrowserID), it will be gone. Decentralized / email-based logins are still promising, however [1].

https://discourse.mozilla-community.org/t/some-thoughts-on-the-state-of-mozilla/7702

https://wiki.mozilla.org/Identity/Persona_AAR

Does this mean that the logins at https://addons.mozilla.org and here (discourse.mozilla-community.org) will be merged?

Firefox Accounts have one problem: cannot change the email addresses. This is somewhat inconvenient. Do you have some plans on it?

leo · May 8, 2017, 3:48pm