Identity/Contacts-Backup
Bugs
- Meta bug for this proof-of-concept
- Sync contacts with CardDAV is another effort by Telefonica people
Auth APIs
There are three different APIs involved in the integration between Firefox Accounts (FxA) and fruux's SabreDAV:
- Logging into the fruux web dashboard using Persona.
- Provisioning a fruux username and device-specific password from a FxA assertion.
- Authenticating each CardDAV request using HTTP basic auth over TLS.
Provisioning of new fruux accounts or device-specific passwords
Here's how the FxOS app will push a contact to fruux:
1. If it doesn't have a fruux username and password stored (i.e. fresh account), it will call the fruux provisioning API. Otherwise jump to Step 7.
2. The fruux server will receive a FxA assertion which contains a UUID and an email address.
3. If there aren't any user accounts associated with that FxA UUID and email, fruux will create one.
4. Once a user account exists, a new device-specific password will be created.
5. The fruux server will return this username & password to the FxOS app.
6. The FxOS app will store these credentials.
7. Once it has credentials, the FxOS app will use HTTP basic auth in a CardDAV request.
8. If that request fails with a 401 error code, the app will clear its credentials and go back to Step 1, unless it has already tried to reset the credentials (in which case, it silently fails).
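The steps above as a runnable sketch, added here as an illustration and not taken from the FxOS app or fruux code. `FakeFruux`, `BackupClient`, the 201 status and the password format are assumptions; the fake server runs in-process and takes an already-verified assertion.

```javascript
// Constructed in-process stand-in for the fruux server; every name here is hypothetical.
class FakeFruux {
  constructor() { this.users = new Map(); this.devicePasswords = new Map(); this.issued = 0; }
  // Steps 2-5. A real server must verify the FxA assertion first; here it is
  // passed in as an already-verified { uuid, email } object.
  provision({ uuid, email }) {
    const key = `${uuid}|${email}`;
    if (!this.users.has(key)) this.users.set(key, `user${this.users.size + 1}`);
    const username = this.users.get(key);
    const password = `device-pw-${++this.issued}`; // constructed placeholder value
    this.devicePasswords.set(password, username);
    return { username, password };
  }
  revoke(password) { this.devicePasswords.delete(password); }
  // CardDAV request: returns an HTTP-like status for the given Authorization header.
  carddav(authorization) {
    const decoded = Buffer.from(authorization.replace(/^Basic /, ''), 'base64').toString();
    const sep = decoded.indexOf(':');
    const ok = this.devicePasswords.get(decoded.slice(sep + 1)) === decoded.slice(0, sep);
    return ok ? 201 : 401;
  }
}

class BackupClient {
  constructor(server, getAssertion) {
    this.server = server; this.getAssertion = getAssertion; this.creds = null;
  }
  // Returns the final status, or null when the single reset did not help.
  pushContact() {
    let alreadyReset = false;
    for (;;) {
      // Steps 1 and 6: provision only when nothing is stored, then keep the result.
      if (!this.creds) this.creds = this.server.provision(this.getAssertion());
      const { username, password } = this.creds;
      const header = 'Basic ' + Buffer.from(`${username}:${password}`).toString('base64');
      const status = this.server.carddav(header); // step 7 (over TLS in a real deployment)
      if (status !== 401) return status;
      this.creds = null;              // step 8: drop the rejected credentials
      if (alreadyReset) return null;  // second 401 in a row: fail silently
      alreadyReset = true;
    }
  }
}
```

Calling `revoke()` on the fake server between two pushes shows the client picking up a new device-specific password on the next request without any user interaction.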
User identifier
Initially, fruux will use both the UUID and the email address it gets from FxA to identify users.
Once web logins are done with FxA, the email address will no longer need to be associated with the basic auth credentials.
Revocation of fruux credentials
Since the FxOS application will do silent on-demand provisioning of credentials using FxA assertions as described above, fruux can choose to revoke device-specific passwords whenever it wants, according to its own policies.
Eventually FxA will offer an API for receiving notifications when it recommends that usernames & passwords associated with an FxA UUID be revoked (e.g. when a user reports their device as stolen). That API doesn't exist yet though.
UX Questions
- Are there any other entry points to enabling Contacts backup apart from these:
  - FTE
  - Settings app
  - Contacts app (as described below)
- If FXA password changes, do we keep backing up to fruux using the same fruux password?
  - If not, how do we notify the user that backups have ceased?
- What happens when a user signs out of FXA and signs in with a new FXA account? We presume that:
  - By default, backup is disabled
  - Users can opt in via a message in the Contacts app after adding a first contact
- In the FTE, should users elect to opt in or opt out? (UX prefers elect to opt out)
- What are the legal vs UX considerations?
- Do we need a separate TOS/PP for fruux, or can we bundle terms in the existing policy?
- If we add a checkbox to the Import Contacts page (FTE), how should we change that page?
  - What is the new copy?
  - What happens to the skip button? (Skipping should not automatically opt in)
- What do the advanced settings look like in the Settings app?
  - What do we show in url, username, and password if the user is using fruux?
  - If the user changes CardDAV settings, is there a way to restore default (fruux)?
- Can we reach the Settings page before the FXA email is verified?
- If you are not signed in (signed out, kicked out, never signed in), how should the Contacts app invite you to create or sign into an FXA account and begin backing up contacts?
- Specifically, after creating your first contact:
- If you are signed in, and not backing up, how do we invite you to opt in?
- If you are signed out, how do we invite you to sign in/up and opt in?
- Specifically, after creating your first contact:
Crazy Future Ideas
- Watch multiple import sources
- Strategy for backing up new contacts when pulling from multiple sources (where do they go?)