@Natim
Created December 21, 2015 14:59
How to connect to Firefox Hello with Firefox Account

First, ask the Loop server for the Firefox Account OAuth params:

http POST https://loop.services.mozilla.com/v0/fxa-oauth/params

HTTP/1.1 200 OK
Access-Control-Expose-Headers: Hawk-Session-Token
Connection: keep-alive
Content-Length: 331
Content-Type: application/json; charset=utf-8
Date: Mon, 21 Dec 2015 14:50:26 GMT
ETag: W/"14b-IjAzRwrqLRyvPKEcmOuQPA"
Hawk-Session-Token: 89b63513ab938f2172e50b9ed2adf71d9555cd8b14e5d2798780df2e303813f7
Timestamp: 1450709426
Vary: Origin

{
    "client_id": "a8b39c2b1cab72e2", 
    "content_uri": "https://accounts.firefox.com", 
    "oauth_uri": "https://oauth.accounts.firefox.com/v1", 
    "profile_uri": "https://profile.accounts.firefox.com/v1", 
    "redirect_uri": "urn:ietf:wg:oauth:2.0:fx:webchannel", 
    "scope": "profile", 
    "state": "4ee3d6c28cfaa8fd53c390d55f4caa6bf528e01f01ca707d9c3b0c1bcda89df4"
}

Then call the OAuth service with this information:

http GET "https://oauth.accounts.firefox.com/v1/authorization?state=4ee3d6c28cfaa8fd53c390d55f4caa6bf528e01f01ca707d9c3b0c1bcda89df4&scope=profile&client_id=a8b39c2b1cab722e"
HTTP/1.1 302 Moved Temporarily
Location: https://accounts.firefox.com/oauth/?state=4ee3d6c28cfaa8fd53c390d55f4caa6bf528e01f01ca707d9c3b0c1bcda89df44&scope=profile&client_id=a8b39c2b1cab722e

Follow the redirection and enter your credentials

You get redirected to:

urn:ietf:wg:oauth:2.0:fx:webchannel?state=4ee3d6c28cfaa8fd53c390d55f4caa6bf528e01f01ca707d9c3b0c1bcda89df4&code=be151b23e70aa9595c8a436f797130a36f0630bd108b7c6cdb8ca3004d7d51bc&action=signin

This redirect is very hard, if not impossible, to catch.

Then you can authenticate to the Loop server using this code:

http POST https://loop.services.mozilla.com/v0/fxa-oauth/token state=4ee3d6c28cfaa8fd53c390d55f4caa6bf528e01f01ca707d9c3b0c1bcda89df4 code=be151b23e70aa9595c8a436f797130a36f0630bd108b7c6cdb8ca3004d7d51bc --auth-type hawk --auth 89b63513ab938f2172e50b9ed2adf71d9555cd8b14e5d2798780df2e303813f7:

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 123
Content-Type: application/json; charset=utf-8
Date: Mon, 21 Dec 2015 14:56:49 GMT
ETag: W/"7b-r5T6JqADrL2QYRBJshuIYA"
Server-Authorization: Hawk mac="/VMEr0lJiYExZZrEdr7ZuzPTQzrjZglneSX35DnnU8o="
Timestamp: 1450709809
Vary: Origin

{
    "access_token": "a2a5a45a00038d420d42da0b13ac41d423c148d363cf9e57ddf1aa5eaf25c4f8", 
    "scope": "profile", 
    "token_type": "bearer"
}

Your session is now authenticated, and you can use the access_token to get information about the user: email, name and avatar.
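
Before the code from the redirect is sent to /fxa-oauth/token, the client should confirm that the redirect carries the same state that /fxa-oauth/params issued for this Hawk session. The following Python check is an added example, not part of the original gist or of the Loop code base; the function names `single` and `token_request_body` are hypothetical, and the sample values are copied from the exchange above.

```python
import hmac
from urllib.parse import parse_qs

# Sample values copied from the exchange shown above.
PARAMS = {
    "redirect_uri": "urn:ietf:wg:oauth:2.0:fx:webchannel",
    "state": "4ee3d6c28cfaa8fd53c390d55f4caa6bf528e01f01ca707d9c3b0c1bcda89df4",
}
REDIRECT = (
    "urn:ietf:wg:oauth:2.0:fx:webchannel"
    "?state=4ee3d6c28cfaa8fd53c390d55f4caa6bf528e01f01ca707d9c3b0c1bcda89df4"
    "&code=be151b23e70aa9595c8a436f797130a36f0630bd108b7c6cdb8ca3004d7d51bc"
    "&action=signin"
)


def single(fields, name):
    """Return the only value of a query parameter; reject missing or repeated ones."""
    values = fields.get(name, [])
    if len(values) != 1:
        raise ValueError(f"expected exactly one {name!r} parameter")
    return values[0]


def token_request_body(redirect, params):
    """Validate the redirect against the issued params and build the token request body."""
    base, _, query = redirect.partition("?")
    if base != params["redirect_uri"]:
        raise ValueError("unexpected redirect target")
    fields = parse_qs(query, strict_parsing=True)
    state = single(fields, "state")
    # Constant-time comparison against the state issued by /fxa-oauth/params.
    if not hmac.compare_digest(state.encode(), params["state"].encode()):
        raise ValueError("state mismatch: redirect does not belong to this session")
    return {"state": state, "code": single(fields, "code")}


if __name__ == "__main__":
    print(token_request_body(REDIRECT, PARAMS))
```

A redirect whose state differs by even one character, or that repeats the state or code parameter, is rejected before any token request is made.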
