Apps/WebApplicationReceiptRefresh

From MozillaWiki
Jump to: navigation, search

The WebApplicationReceipt specification contains a reissue field field. This discusses how this URL works. This is mostly how the page will work for the Mozilla Marketplace.

POST

If the a POST is sent with the full body of the receipt (much like the verification service), then a new receipt will be generated and returned. But only if the following conditions are met:

  • the receipt is still valid and has not been tampered with
  • a new receipt can be issued based on the business logic for the marketplace
  • the receipt has expired or is about to expire (definition of about, to be determined)

If these are not met, then it will issue a status code of 302, pointing to the page where more details can be given. This could be the same page.

If the conditions are met, a new receipt will be returned in JSON with status code of 200:

{'receipt': 'xx....'}

This is expected to be used for reissuing expired receipts. This will occur infrequently and should involve no user interaction.

GET

If the reissue URL is accessed with a GET, it will show a page with a reissue request. The reissue will be done using the relevant JS API (replaceReceipt?), either through user interaction, or automatically. The page will check the following:

  • the user is successfully logged in to the marketplace
  • a new receipt can be issued based on the business logic for the marketplace

If the user is unable to obtain a new receipt, then a message will displayed with the reason.

This is expected to be used for reissuing receipts containing revoked keys or some other problem. This will occur very rarely and will involve user interaction.