dannycoates/outline.md

Created September 15, 2014 21:06

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/dannycoates/09335e6f12b86551c61c.js"></script>
Save dannycoates/09335e6f12b86551c61c to your computer and use it in GitHub Desktop.

Download ZIP

FxA Auth Server Intro Outline

Raw

FxA Auth Server

Purely an API server
Stores account credentials, secret keys, "sessions"
signs keys for assertions

Data Model

Accounts
SessionTokens
KeyFetchTokens
Other tokens (less interesting)
MySql

Depends on

fxa-customs-server
fxa-auth-db-server
fxa-auth-mailer

Serves

Directly
- fxa-content-server
- desktop
- android
Indirectly
- fxa-oauth-server
- tokenserver
- basket
- (marketplace)

Code

Good
- small
- security / crypto
- testing
Bad
- config
- logging
- docs
  - Design doc is excellent
  - API is ok
  - opsy bits are bad
Ugly
- AWS specific bits
- Token hoops
- Notifier pipe

Future

Higher availability

Stuff that should move out

email sending
- mostly ready
bounce processing
(basket api notifier)

Stuff that could move out

signer
scrypt

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment