Date: December 5, 2018
*Background*
Because of local regulations, Mozilla China runs its own FxA stack that has
several customizations. Hector from the Mozilla China team regularly pulls
the latest versions of the FxA code and adds their local modifications.
Sometimes this goes smootly, sometimes not. We try to catch up at work
weeks to see whether we can make their lives simpler.
How hard have the reverse merges been?
- Usually alright, sometimes a pain.
- Can we merge some of the china code into baseline repos?
- Logging is the most sensitive
- Phone numbers are only added for registration for OAuth users.
- 2FA like flow.
- Profile server and auth server are simpler than the content
server.
- COPPA, SMS to connect another device is not needed.
Profile photo Error detection
- A proxy server in front of the profile server
- result.shouldRemove on /v1/avatar/upload
If we remove BrowserID assertions, will that cause problems?
- Sending SMSs for OAuth verification will break, but there are
alternatives.
Will merging the auth server and OAuth server cause any pain?
- No.
Have you figured out the problems with the mozilla.org side of things?
- Yes
Should we try to send Mozilla China log data through our pipeline
(flow/amplitude events)?
- Mozilla China has several million accounts and we have little insight
into how those users act/react. Does it make sense to send Mozilla China
events to our metrics processing pipeline?
- Their logs are currently sent to Alibaba for processing, would need to
start sending to AWS.
- Suggestion:get one day’s data somewhere, send it to Amplitude
- We’d need to be careful of uid clashes here though, presumable the
hmac key is different for hashing UIDs
FxA’s GCP migration
- No immediate concern.
- As long as GCP requirements are done in a modular fashion, should be
OK.
China awareness in Rust/Android/iOS components: API design & implementation
- When writing components, keep in mind the Mozilla hosted stack is not
the only stack. It needs to be easy to point at alternative servers.
Seamless OAuth login for China based qq.com/163.com/126.com users?
- I didn't capture enough context here!
*Follow up bugs opened*
-
Content-server: Add the ability to customize the desktop background
<https://github.com/mozilla/fxa-content-server/issues/6737>
-
Content-server: Add ability to feature flag COPPA
<https://github.com/mozilla/fxa-content-server/issues/6736>
-
Content-server: Integrate the Mozilla China phone number verification
screens behind a feature flag
<https://github.com/mozilla/fxa-content-server/issues/6738>
-
Profile-server: Add hooks to check uploaded profile photos
<https://github.com/mozilla/fxa-profile-server/issues/358>
Hector or Phil, is there anything else that should be added to these notes?
Maybe some more info on the "Seamless OAuth login for China based
qq.com/163.com/126.com users"?
Shane
_______________________________________________
Dev-fxacct mailing list
[email protected]
https://mail.mozilla.org/listinfo/dev-fxacct
