On Jun 19, 2014, at 11:23 AM, Ryan Feeley <[email protected]> wrote:
> Hi Andy: > > Definitely glad to be having this discussion because we have imagined this > case as the one big sacrifice of the redirect flow. > > The assumption we’re operating on is that iframed content is problematic for > two reasons: > > 1. iframed content is not secure from the rest of the page (e.g. if you used > 3rd party javascript, it could intercept credentials). A redirect flow avoids > this. Ryan, we can keep framed content secure from the rest of the page. > 2. Authentication is often a multi-step (and possibly multi-factor) process > that needs more wiggle room than an iframe affords. We could theoretically support an iframe approach with the current infrastructure. IMO, the rubber hits the road defining the UX. What would an iframed approach look like? Embedded? Overlay? Full page? We would need Maureen, Ryan, and John to provide input here. (I would vote for light boxed-overlay.) Keep in mind the signup flow involves an email verification step, which could be completed in another tab or the user could choose to open the link in the existing open tab, which would wipe your application state as well. -chris > Popups are an alternative, but what we learned from Persona is that popups > performed poorly in user tests. They misplace them when they go to check > their email, and hey, isn’t popup blocking what made Firefox internet famous? > > Would definitely love to help satisfy your problem, and allow you to tailor > your FxA experience though. > > Other FxAers wants to chime in? > > Ryan Feeley > UX, Cloud Services > Mozilla UX > IRC: rfeeley > > On Jun 19, 2014, at 2:03 PM, Andy McKay <[email protected]> wrote: > >> I know I’ve spoken to some people about this before, but I think we need to >> start the thread. >> >> We would like to ask if its possible for the web based flow to support >> iframes, so that single page JS apps don’t have to interrupt their flow. If >> you plan on using Firefox Accounts web based flow, you have to do a redirect >> to another site, which means preserving your whole state until the flow is >> complete. For example on the marketplace, this might be scrolling through >> lists of apps, or about to write a review. It puts the onus on the app >> developer to preserve the state and re-create it when the flow is complete. >> >> For android, desktop logins we are thinking of opening a new window and >> doing the redirect in that, but for 1.x devices, we are going to lose that >> state. Whilst the marketplace could alter this, its also going to be the >> same problem for any other app. >> >> Andy >> >> >> >> _______________________________________________ >> Dev-fxacct mailing list >> [email protected] >> https://mail.mozilla.org/listinfo/dev-fxacct > > _______________________________________________ > Dev-fxacct mailing list > [email protected] > https://mail.mozilla.org/listinfo/dev-fxacct
_______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
