Socorro/GoogleAuth

From MozillaWiki
Jump to: navigation, search

Summary

For Bug 1273032, we transitioned from Persona to Google Sign-In. This work was done over the course of 2016 alongside many other Mozilla sites and in consultation with the Persona team.

This wiki page roughly covers why we picked Google Sign-In and also common questions.

FAQ

Why Google Sign-In and not Other-Thing?

There are a lot of auth systems out there. Socorro contains crash data which contains personally identifiable information of our users. We take extreme pains to make sure this data is safe and secure. Because of that, Socorro has requirements that go above and beyond those of other Mozilla sites.

One of those requirements is that our auth system needs to be LDAP backed such that we can revoke access to people when they leave the Mozillaverse. Another requirement is that non-employees can log in.

Persona was great for this. Now that Persona is going away, we were pretty limited with our options and settled on Google Sign-In.

This comment covers the reasoning: https://bugzilla.mozilla.org/show_bug.cgi?id=1273032#c2

Are we thrilled about this situation? No. Does it have downsides? Yes. It's the best we can do at this time.

When will we revisit this decision? If a compelling solution that meets our needs comes up that other Mozilla sites with similar needs have switched to, we'll revisit the decision.

Can't be logged into Socorro and other Google properties with two different accounts

Google Sign-In is used for Google mail and other Google properties. Because of that, if you're logged into Socorro with one identity, you can't use a different identity with other Google apps in the same browser. There isn't anything we can do about this.

Some ways around this:

  1. Use two different browsers. Maybe log into Google properties with one browser and Socorro with a different one?
  2. Use two different profiles. Launch two separate instances of Firefox with two different profiles?
  3. Use Firefox Nightly which has contextual identity tabs.

Can't log in

Third-party cookies are disabled

One common cause for this is if you've disabled third-party cookies. Google auth requires that you accept third-party cookies always.

To switch to Always:

  1. Go to Preferences.
  2. Click on the Privacy tab.
  3. In the History section, select Always in the Accept third-party cookies dropdown.

If you don't want to enable third-party cookies, you should use Socorro with a different browser that you only use for Socorro.

Some other thing

If you still can't log into Socorro with Google Sign-In, please write up a bug.

I don't have a Google account / email address

You do need to have a Google account in order to log into crash-stats. However you can create a Google account without having a Google email address: Create your Google Account.