On Fri, May 29, 2015 at 12:59 PM, Victor Ng <[email protected]> wrote:

> Doh.  I didn't notice the reply-to doesn't go to the mailing list....
>
> ----
>
> Thanks Remy!
>
> I've got a client that seems to log in now.  I get a code, I pass that into
> my EC2 box and in the end I end up getting a JSON blob with a bearer token.
>
> I'm doing something wrong when I try to fetch the user profile though.
> I'm doing something like this:
>
> curl -v \
>  -H "Authorization: Bearer c004f4d49008326dc873f0d19eef9ee371c788bea0b888fb7aafa422e1d72d30" \
>  "https://oauth-stable.dev.lcip.org/v1/profile";
>
> Can I use that bearer token from both my phone *and* my EC2 box?  How long
> can I expect the token to be valid for?
>
>
Yes, you can use this token for talking to the FxA API from both the phone
and the EC2 box. These tokens currently live indefinitely (until revoked),
but we’re re-working the policies around this.

This token is not appropriate for authenticating a phone to *your API*,
unless it has an OAuth scope associated with it for your service. That’s
something worth considering, though (i.e., adding a scope for your API),
because then you wouldn’t need an additional authentication mechanism.

-chris





> vic
>
> On Wed, May 20, 2015 at 3:58 AM, Rémy Hubscher <[email protected]>
> wrote:
>
>>  Hello Vic,
>>
>> So basically all you want to do is to get the user id after the login, is
>> that right?
>>
>> If I get it right, all you have to do is to register a client to Firefox
>> Account (you can do it yourself for development here:
>> https://oauth-stable.dev.lcip.org/console/clients (log in with a
>> @mozilla.com email))
>>
>>
>> All the steps are defined here:
>> https://developer.mozilla.org/en-US/docs/Mozilla/Tech/Firefox_Accounts/Introduction
>>
>> The login flow is the following:
>>
>>
>>    1. You open a browser view with the Firefox Account login page asking
>>    for a list of scopes (in your case it might be *mozstumbler*). If you
>>    need the email you may ask for *profile:email* as well.
>>       1. You give a *state*, the *scope*s and your *client_id*
>>       2. See
>>       https://github.com/mozilla/fxa-oauth-server/blob/master/docs/api.md#get-v1authorization
>>    2. Then the user logs in and is redirected to your service with a *code*
>>    and a *state* (a session that you gave him)
>>    3. Then you talk to the Firefox Account server to exchange this code
>>    and state for an access token.
>>       1. See
>>       https://github.com/mozilla/fxa-oauth-server/blob/master/docs/api.md#post-v1token
>>    4. This bearer token gives you access to the FxA user id as well
>>    as the email if you need it.
>>       1. https://github.com/mozilla/fxa-profile-server/blob/master/docs/API.md#get-v1email
>>    5. You must also validate that this Bearer token has the
>>    *mozstumbler* scope
>>
>>
>> Since you are in an Android app, you will need to set up a redirect url
>> that will be caught by your app after the login so that you get back the
>> code and state and can handle them. (See
>> http://stackoverflow.com/a/2958870/186202)
>>
>> Hope this helps you,
>>
>> Rémy
>>
>>
>>
>> On 19/05/2015 22:16, Victor Ng wrote:
>>
>>  Hi!
>>
>>  We'd like to look at getting FxA integration into the mozilla stumbler,
>> but I'm pretty confused as to what I actually need to do.
>>
>>  The use case we have is that we are launching localized leaderboards.
>> Basically - geographically scoped score boards.
>>
>> The intent here is to log in to the mobile application - not a particular
>> web service.
>>
>>  The name of our app is "Mozilla Stumbler"
>>
>> We're running our dev leaderboard instance on:
>> ec2-52-1-93-147.compute-1.amazonaws.com , we can set the redirect_uri to
>> whatever makes sense or is de facto standard for FxA.
>>
>>
>>  thanks!
>>  vic
>>
>>
>> _______________________________________________
>> Dev-fxacct mailing list
>> [email protected]
>> https://mail.mozilla.org/listinfo/dev-fxacct
>>
>>
>>
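
The checks this thread points to (matching the returned *state*, and accepting a bearer token for your own API only if it carries your scope), as an added example that is not code from the thread or from FxA. The response field names `user`, `client_id` and `scope`, the extra client-id check, the client id value and the sample records are assumptions constructed for illustration.

```python
import hmac
import secrets

REQUIRED_SCOPE = "mozstumbler"           # scope named in the thread
EXPECTED_CLIENT_ID = "0123456789abcdef"  # constructed placeholder client_id


def new_state() -> str:
    """Unguessable per-login state that binds the redirect to this session."""
    return secrets.token_urlsafe(32)


def state_matches(sent, returned) -> bool:
    """Constant-time comparison of the state we sent and the one returned."""
    if not (isinstance(sent, str) and isinstance(returned, str) and sent):
        return False
    return hmac.compare_digest(sent.encode(), returned.encode())


def token_allows(info, required_scope: str = REQUIRED_SCOPE,
                 client_id: str = EXPECTED_CLIENT_ID) -> bool:
    """Accept a token only if it was issued to our client with our scope.

    `info` is the decoded token-verification response (assumed shape).
    Scope matching is exact; no scope is treated as implying another.
    """
    if not isinstance(info, dict) or not info.get("user"):
        return False
    if info.get("client_id") != client_id:
        return False  # token was issued to a different relying party
    scopes = info.get("scope", [])
    if isinstance(scopes, str):           # tolerate a space-delimited string
        scopes = scopes.split()
    if not isinstance(scopes, (list, tuple)):
        return False
    return required_scope in scopes


# Constructed sample verification responses (not real FxA output).
SAMPLE_OK = {"user": "a1b2c3", "client_id": EXPECTED_CLIENT_ID,
             "scope": ["profile:email", "mozstumbler"]}
SAMPLE_PROFILE_ONLY = {"user": "a1b2c3", "client_id": EXPECTED_CLIENT_ID,
                       "scope": ["profile"]}
SAMPLE_OTHER_CLIENT = {"user": "a1b2c3", "client_id": "ffffffffffffffff",
                       "scope": ["mozstumbler"]}
```
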