This repository was archived by the owner on Nov 1, 2018. It is now read-only.

How do I integrate with Firefox Accounts?

ckarlof edited this page Aug 1, 2014 · 5 revisions

Overview

Firefox Accounts is an identity provider. The primary goal of Firefox Accounts is to provide user identities for an ecosystem of attached services.

The concerns of Firefox Accounts include:

  • Provide a way for users to identify themselves (currently email address)
  • Provide a way for users to authenticate themselves (currently password)
  • Provide a stable user identifier (i.e. uid)
  • Provide a way for relying services to delegate authentication concerns to Firefox Accounts
  • Host core associated user profile data (e.g., profile image, screen name, etc) and provide this data to its relying services

The concerns of Firefox Accounts do not include storing application or user data specific to each relying service. This is the responsibility of each relying service. Firefox Accounts will only host user data that is relevant to at least 2 (but hopefully more) relying services (e.g., a profile image). In the future, we may build a service that allows "serverless" applications to store user data, but this would be a separate service and not Firefox Accounts.

Integrating with FxA on the Web

Web applications (i.e., assuming no additional client support) integrate with Firefox Accounts via our OAuth 2.0 API. Firefox Accounts OAuth integration is currently limited to Mozilla relying services. We intend to allow third-party services to delegate authentication to Firefox Accounts in the future, but have no committed timeline for this.

Contact the FxA team to obtain OAuth credentials

If you're not a Mozilla service, you cannot be a relying service at this time. If you're a Mozilla service, email dev-fxacct@mozilla.org to inform us of your desire to be a relying service, and we'll be in touch.

You need to provide us with the following information:

  • name: a user friendly name of your service
  • redirect_uri: a GET HTTPS endpoint on your service that we can transfer control back to after user authentication has completed
  • (optional) image_uri: a URI of a user friendly image or icon for your service (Note: this is currently not used and underspecified)

We will respond with your client information, possibly with multiple versions for different environments (e.g., production, development, etc.):

  • client_id: an 8 byte hex encoded client identifier for your service. This value is not secret.
  • client_secret: a 32 byte hex encoded secret for your service to authenticate itself to the back end FxA OAuth service. This value is secret. Despite its name, this value should never be stored on or given to untrusted client code on users' machines. It should only be used from the service's backend machines to access authenticated FxA OAuth endpoints (e.g., https://github.com/mozilla/fxa-oauth-server/blob/master/docs/api.md#post-v1token).
  • redirect_uri: the redirect_uri you gave us

We currently have no automated way to provision relying services, and it will be handled out of band. The client_secret is your responsibility to keep safe. If you lose it, we have no way to recover it, and it will be necessary to issue you a new secret.
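One way a relying service's backend could load and sanity-check the values described above, keeping client_secret out of logs and out of anything sent to the browser. This is an added example, not code from the FxA project; the environment variable names, the FxaClient class and the sample values are assumptions made for illustration.

```python
import os
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

HEX_8_BYTES = re.compile(r"[0-9a-fA-F]{16}")    # client_id: 8 bytes, hex encoded
HEX_32_BYTES = re.compile(r"[0-9a-fA-F]{64}")   # client_secret: 32 bytes, hex encoded


@dataclass(frozen=True)
class FxaClient:  # hypothetical container, not an FxA API
    client_id: str
    redirect_uri: str
    # repr=False keeps the secret out of logs and tracebacks that print the object.
    client_secret: str = field(repr=False)

    def __post_init__(self):
        if not HEX_8_BYTES.fullmatch(self.client_id):
            raise ValueError("client_id must be 16 hex characters (8 bytes)")
        if not HEX_32_BYTES.fullmatch(self.client_secret):
            raise ValueError("client_secret must be 64 hex characters (32 bytes)")
        parts = urlsplit(self.redirect_uri)
        if parts.scheme != "https" or not parts.netloc:
            raise ValueError("redirect_uri must be an absolute HTTPS URL")

    def public_config(self):
        """Values that may be handed to client code; never includes the secret."""
        return {"client_id": self.client_id, "redirect_uri": self.redirect_uri}


def load_client(env=os.environ):
    """Read the provisioned values from backend-only environment variables.

    The variable names are assumptions; use whatever your secret store exposes.
    """
    return FxaClient(
        client_id=env["FXA_CLIENT_ID"].strip(),
        redirect_uri=env["FXA_REDIRECT_URI"].strip(),
        client_secret=env["FXA_CLIENT_SECRET"].strip(),
    )


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample = {
        "FXA_CLIENT_ID": "0123456789abcdef",
        "FXA_CLIENT_SECRET": "ab" * 32,
        "FXA_REDIRECT_URI": "https://service.example/oauth/redirect",
    }
    client = load_client(sample)
    print(client)                  # secret is absent from the repr
    print(client.public_config())  # safe to embed in a page served to users
```

Failing at startup on a malformed value or a non-HTTPS redirect_uri surfaces a provisioning mix-up (for example, development credentials deployed to production) before any user is sent through login.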

Initiating FxA login

Using the FxA OAuth API directly

Using the FxA OAuth client library

Integrating with FxA on Desktop Firefox

Integrating with FxA on Firefox for Android

Integrating with Firefox Accounts on Firefox OS
