http POST https://loop.services.mozilla.com/v0/fxa-oauth/params
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Hawk-Session-Token
Connection: keep-alive
Content-Length: 331
Content-Type: application/json; charset=utf-8
Date: Mon, 21 Dec 2015 14:50:26 GMT
ETag: W/"14b-IjAzRwrqLRyvPKEcmOuQPA"
Hawk-Session-Token: 89b63513ab938f2172e50b9ed2adf71d9555cd8b14e5d2798780df2e303813f7
Timestamp: 1450709426
Vary: Origin

{
    "client_id": "a8b39c2b1cab72e2",
    "content_uri": "https://accounts.firefox.com",
    "oauth_uri": "https://oauth.accounts.firefox.com/v1",
    "profile_uri": "https://profile.accounts.firefox.com/v1",
    "redirect_uri": "urn:ietf:wg:oauth:2.0:fx:webchannel",
    "scope": "profile",
    "state": "4ee3d6c28cfaa8fd53c390d55f4caa6bf528e01f01ca707d9c3b0c1bcda89df4"
}
http GET "https://oauth.accounts.firefox.com/v1/authorization?state=4ee3d6c28cfaa8fd53c390d55f4caa6bf528e01f01ca707d9c3b0c1bcda89df4&scope=profile&client_id=a8b39c2b1cab722e"
HTTP/1.1 302 Moved Temporarily
Location: https://accounts.firefox.com/oauth/?state=4ee3d6c28cfaa8fd53c390d55f4caa6bf528e01f01ca707d9c3b0c1bcda89df44&scope=profile&client_id=a8b39c2b1cab722e
You get redirected to:
urn:ietf:wg:oauth:2.0:fx:webchannel?state=4ee3d6c28cfaa8fd53c390d55f4caa6bf528e01f01ca707d9c3b0c1bcda89df4&code=be151b23e70aa9595c8a436f797130a36f0630bd108b7c6cdb8ca3004d7d51bc&action=signin
This redirect is hard, if not impossible, to catch...
Then you can authenticate to the Loop server using this code:
http POST https://loop.services.mozilla.com/v0/fxa-oauth/token state=4ee3d6c28cfaa8fd53c390d55f4caa6bf528e01f01ca707d9c3b0c1bcda89df4 code=be151b23e70aa9595c8a436f797130a36f0630bd108b7c6cdb8ca3004d7d51bc --auth-type hawk --auth 89b63513ab938f2172e50b9ed2adf71d9555cd8b14e5d2798780df2e303813f7:
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 123
Content-Type: application/json; charset=utf-8
Date: Mon, 21 Dec 2015 14:56:49 GMT
ETag: W/"7b-r5T6JqADrL2QYRBJshuIYA"
Server-Authorization: Hawk mac="/VMEr0lJiYExZZrEdr7ZuzPTQzrjZglneSX35DnnU8o="
Timestamp: 1450709809
Vary: Origin

{
    "access_token": "a2a5a45a00038d420d42da0b13ac41d423c148d363cf9e57ddf1aa5eaf25c4f8",
    "scope": "profile",
    "token_type": "bearer"
}
Then your session is authenticated and you can use the access_token to get information about the user: email, name and avatar.
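
Before the code from the redirect is posted to /fxa-oauth/token, the client should confirm that the redirect belongs to the session that requested the params. The following is an added example, not part of the original notes or of the Loop or Firefox Accounts code; the names extract_code and RedirectError are hypothetical, and the sample values are the ones shown in the exchange above.

```python
import hmac
from urllib.parse import parse_qs


class RedirectError(ValueError):
    """Raised when the OAuth redirect cannot be tied to this session."""


def extract_code(redirect: str, params: dict) -> str:
    """Return the authorization code if the redirect matches the issued params."""
    target, _, query = redirect.partition("?")
    # The redirect must land on the redirect_uri the server handed out.
    if target != params["redirect_uri"]:
        raise RedirectError("unexpected redirect target")
    try:
        fields = parse_qs(query, strict_parsing=True)
    except ValueError as exc:
        raise RedirectError("malformed query string") from exc
    # Duplicated or missing parameters are ambiguous, so reject them.
    for name in ("state", "code"):
        if len(fields.get(name, [])) != 1:
            raise RedirectError(f"expected exactly one {name!r} parameter")
    # The state ties the redirect to the /fxa-oauth/params response;
    # compare as bytes in constant time.
    returned = fields["state"][0].encode()
    if not hmac.compare_digest(returned, params["state"].encode()):
        raise RedirectError("state mismatch")
    return fields["code"][0]


# Values copied from the /fxa-oauth/params response and the redirect above.
PARAMS = {
    "redirect_uri": "urn:ietf:wg:oauth:2.0:fx:webchannel",
    "state": "4ee3d6c28cfaa8fd53c390d55f4caa6bf528e01f01ca707d9c3b0c1bcda89df4",
}
CODE = "be151b23e70aa9595c8a436f797130a36f0630bd108b7c6cdb8ca3004d7d51bc"
REDIRECT = (
    f"{PARAMS['redirect_uri']}?state={PARAMS['state']}"
    f"&code={CODE}&action=signin"
)

if __name__ == "__main__":
    print(extract_code(REDIRECT, PARAMS))
```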