summaryrefslogtreecommitdiffstats
path: root/services/sync/modules/sync_auth.sys.mjs
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:14:29 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:14:29 +0000
commitfbaf0bb26397aa498eb9156f06d5a6fe34dd7dd8 (patch)
tree4c1ccaf5486d4f2009f9a338a98a83e886e29c97 /services/sync/modules/sync_auth.sys.mjs
parentReleasing progress-linux version 124.0.1-1~progress7.99u1. (diff)
downloadfirefox-fbaf0bb26397aa498eb9156f06d5a6fe34dd7dd8.tar.xz
firefox-fbaf0bb26397aa498eb9156f06d5a6fe34dd7dd8.zip
Merging upstream version 125.0.1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'services/sync/modules/sync_auth.sys.mjs')
-rw-r--r--services/sync/modules/sync_auth.sys.mjs35
1 files changed, 20 insertions, 15 deletions
diff --git a/services/sync/modules/sync_auth.sys.mjs b/services/sync/modules/sync_auth.sys.mjs
index 6b8da4061c..cfa76827d5 100644
--- a/services/sync/modules/sync_auth.sys.mjs
+++ b/services/sync/modules/sync_auth.sys.mjs
@@ -164,7 +164,7 @@ SyncAuthManager.prototype = {
this._token = null;
},
- async observe(subject, topic, data) {
+ async observe(subject, topic) {
this._log.debug("observed " + topic);
if (!this.username) {
this._log.info("Sync is not configured, so ignoring the notification");
@@ -276,7 +276,7 @@ SyncAuthManager.prototype = {
* allows us to avoid a network request for when we actually need the
* migration info.
*/
- prefetchMigrationSentinel(service) {
+ prefetchMigrationSentinel() {
// nothing to do here until we decide to migrate away from FxA.
},
@@ -387,22 +387,28 @@ SyncAuthManager.prototype = {
// Do the token dance, with a retry in case of transient auth failure.
// We need to prove that we know the sync key in order to get a token
// from the tokenserver.
- let getToken = async key => {
+ let getToken = async (key, accessToken) => {
this._log.info("Getting a sync token from", this._tokenServerUrl);
- let token = await this._fetchTokenUsingOAuth(key);
+ let token = await this._fetchTokenUsingOAuth(key, accessToken);
this._log.trace("Successfully got a token");
return token;
};
+ const ttl = fxAccountsCommon.OAUTH_TOKEN_FOR_SYNC_LIFETIME_SECONDS;
try {
let token, key;
try {
this._log.info("Getting sync key");
- key = await fxa.keys.getKeyForScope(SCOPE_OLD_SYNC);
+ const tokenAndKey = await fxa.getOAuthTokenAndKey({
+ scope: SCOPE_OLD_SYNC,
+ ttl,
+ });
+
+ key = tokenAndKey.key;
if (!key) {
throw new Error("browser does not have the sync key, cannot sync");
}
- token = await getToken(key);
+ token = await getToken(key, tokenAndKey.token);
} catch (err) {
// If we get a 401 fetching the token it may be that our auth tokens needed
// to be regenerated; retry exactly once.
@@ -412,8 +418,11 @@ SyncAuthManager.prototype = {
this._log.warn(
"Token server returned 401, retrying token fetch with fresh credentials"
);
- key = await fxa.keys.getKeyForScope(SCOPE_OLD_SYNC);
- token = await getToken(key);
+ const tokenAndKey = await fxa.getOAuthTokenAndKey({
+ scope: SCOPE_OLD_SYNC,
+ ttl,
+ });
+ token = await getToken(tokenAndKey.key, tokenAndKey.token);
}
// TODO: Make it be only 80% of the duration, so refresh the token
// before it actually expires. This is to avoid sync storage errors
@@ -437,7 +446,7 @@ SyncAuthManager.prototype = {
// A hawkclient error.
} else if (err.code && err.code === 401) {
err = new AuthenticationError(err, "hawkclient");
- // An FxAccounts.jsm error.
+ // An FxAccounts.sys.mjs error.
} else if (err.message == fxAccountsCommon.ERROR_AUTH_ERROR) {
err = new AuthenticationError(err, "fxaccounts");
}
@@ -460,17 +469,13 @@ SyncAuthManager.prototype = {
},
/**
- * Generates an OAuth access_token using the OLD_SYNC scope and exchanges it
- * for a TokenServer token.
- *
+ * Exchanges an OAuth access_token for a TokenServer token.
* @returns {Promise}
* @private
*/
- async _fetchTokenUsingOAuth(key) {
+ async _fetchTokenUsingOAuth(key, accessToken) {
this._log.debug("Getting a token using OAuth");
const fxa = this._fxaService;
- const ttl = fxAccountsCommon.OAUTH_TOKEN_FOR_SYNC_LIFETIME_SECONDS;
- const accessToken = await fxa.getOAuthToken({ scope: SCOPE_OLD_SYNC, ttl });
const headers = {
"X-KeyId": key.kid,
};