Hi All, This week we'll be rolling FxA train-36 to production. It includes a lot of changes to better support third-party OAuth reliers, with more to come in train-37. Thanks to everyone for helping to get the following features through this cycle:
On the Frontend: * Add an oauth destination that intelligently chooses between signup and signin. * Ensure we can provide encryptions keys when the relier asks for them. * Add `change_password` and `delete_account` messages for FxDesktop broker. * Fix some timing issues in browser-based tests. * Fix a spec violation in our CSP policy. * Fix legal templates for "es" locale. * A few styling improvements and fixes. On the Backend: * Allow untrusted third-party reliers, but restrict the scopes that they can request. * Rename the `whitelisted` relier property to `trusted` for improved clarity around the above change. * Add `terms_uri` and `privacy_url` fields to relier metadata. * Make the /profile endpoint return a subset of information for tokens with a subset of profile:* scopes. * If no `action` is specified when starting the oauth dance, redirect to a page that will intelligently choose between signup and signin. * Add support for "developers" who can admin oauth client details in the dev environment console. * Improve consistency of language handling between frontend and backend repos. * Improved logging and configuration options on the oauth server. As always, you can dig into the details through the CHANGELOG files in each individual repo: https://github.com/mozilla/fxa-auth-server/blob/master/CHANGELOG https://github.com/mozilla/fxa-oauth-server/blob/master/CHANGELOG.md https://github.com/mozilla/fxa-profile-server/blob/master/CHANGELOG.md https://github.com/mozilla/fxa-content-server/blob/master/CHANGELOG.md Cheers, Ryan _______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
