Hi All,
Since my last update, FxA trains 53 and 54 have rolled out to production, and they brought with them the following highlights: * Support for OAuth reliers to use the the OpenID Connect "code" flow, which offers better standardization and some extra security on top of the existing OAuth login flow. * Fixed a bug where internal messages with potentially sensitive info were sent out to hosting content via WebChannel/postMessage. * Fixed a bug that allowed updating profile data using "profile" scoped tokens, rather than the more restrictive "profile:write" scope. * UX improvements for the choose-what-to-sync screen, and the button spinner on mobile view. * Stopped polling for email verification for context=fx-desktop-v2 browsers, since these browsers to the polling natively. * Removed several unused metrics tags, which should dramatically improve the performance of some of our datadog graphs. * Added a "Sync Preferences" button for context=fx-desktop-v3 browsers, that can open about:preferences#sync when clicked. * The avatar display styling is now consistent with how it is displayed in desktop browser UI. * Explicitly disallow attempts to signup as "username@firefox", which is a surprisingly common behavior. * Emit an SQS event to tell Sync when a user resets their password, to ensure faster disconnection of other devices. * Some cleanups for the Firefox-on-iOS marketing snippet. * Lots of fixes and cleanups to the functional tests. As always, you can dig into the details through the CHANGELOG files in each individual repo: https://github.com/mozilla/fxa-content-server/blob/master/CHANGELOG.md https://github.com/mozilla/fxa-oauth-server/blob/master/CHANGELOG.md https://github.com/mozilla/fxa-profile-server/blob/master/CHANGELOG.md https://github.com/mozilla/fxa-auth-server/blob/master/CHANGELOG.md Cheers, Ryan _______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
