Project Details

Firefox Accounts is the authentication and authorization system for Cloud Services at Mozilla, providing access to services such as Firefox Sync and Firefox Hello.

This documentation is for contributors wanting to help develop and maintain the Firefox Accounts service. We have separate documentation for other purposes:

Using your Firefox Account

You can create an account or sign in directly on https://accounts.firefox.com, but you almost certainly want to start by using an account-attached service such as Firefox Sync or Firefox Hello.

More information is available on Mozilla's support site.

Integrating with Firefox Accounts

Developing a service that needs Firefox Accounts authentication? Head on over to the Firefox Accounts portal on MDN for a description of the system, how it works, and how to plug into it.

Note that all services integrating with Firefox Accounts require approval (and access credentials) from Mozilla. We are not yet offering Firefox Accounts authentication to third-party reliers on the web.

Links:

• UX and content guidelines for FxA

People and Places

These fine folks are the globally distributed team at the core of Firefox Accounts development, and will be happy to help answer any questions you might have:

• Ryan Kelly - Engineering (Melbourne, approx UTC+10)
• Shane Tomlinson - Engineering (London, approx UTC)
• Vlad Filippov - Engineering (Toronto, approx UTC-5)
• Vijay Budhram - Engineering (Orlando, approx UTC-5)
• Phil Booth - Engineering (London, approx UTC)
• John Morrison - Operations (Mountain View, approx UTC-8)
• Jon Buckley - Operations (Toronto, approx UTC-5)
• Ryan Feeley - UX (Toronto, approx UTC-5)
• Chris Karlof - Identity Services Manager (San Francisco, approx UTC-8)
• Alex Davis - Product Manager (Mountain View, approx UTC-8)

We meet regularly to triage bugs and make grand plans for the future. Anyone is welcome to join us in the following forums:

• Regular video meetings, as noted on the project calendar and with minutes in the coordination etherpad
• The Firefox Accounts mailing list
• The #fxa channel on Mozilla IRC

Code

We mostly follow a micro-services architecture, with each component of the system being developed in a separate repository. The main components fit together like so:

LucidChart View

Edit Component Chart

Most repositories are available via GitHub

You can read more about the details of our development process

Core Servers and Libraries

fxa-content-server

The Content Server hosts static assets (HTML, Javascript, CSS, etc.) that support user interactions with the Firefox Accounts. The responsibilities of the Content Server include:

• hosting a Javascript library that supports interactions with the Auth Server
• hosting login and create account pages
• hosting password reset pages
• hosting landing pages for email verification links
• hosting UI pages for the OAuth login flow

Links:

• latest: https://latest.dev.lcip.org/
• stable: https://stable.dev.lcip.org/
• prod: https://accounts.firefox.com/

Interaction with the Firefox Accounts authentication and OAuth APIs are is done via a Javascript client library. In addition to communicating with the backend servers, it also performs local key stretching (PBKDF2 and scrypt) on the user's password before it's used in the API. It is hosted by the Content Server. This library is called fxa-js-client and at one time called "Gherkin".

fxa-js-client

Links:

• Key stretching details
• Key stretching performance tests

fxa-auth-server

• The Auth Server provides an HTTP API that:
  • authenticates the user
  • enables the user to authenticate to other services via BrowserID assertions
  • enables change and reset password operations
• Links:
  • API documentation
  • Dev deployment
  • Python API client (primarily a reference client)

fxa-oauth-server

• The OAuth Server provides an HTTP API that:
  • accepts BrowserID assertions from the auth-server as authentication
  • implements a standard OAuth2 token-granting flow
• Links:
  • API documentation

fxa-profile-server

A server to provide common profile-related data for a Firefox Account. Such as name, avatar, location, age, gender, etc.

fxa-auth-db-mysql

Database service that includes the database API. As well as MySql and Memory backends.

fxa-customs-server

• FxA uses the Customs Server to detect and mitigate fraud & abuse.
• Deployment: currently pulled in by the auth server as an npm dependency

Other

• fxa-relier-client [DEPRECATED]
• fxa-auth-db-mem [DEPRECATED]
• fxa-auth-db-server [DEPRECATED]
• fxa-easter-egg
• browserid-verifier - FxA enables clients to generate BrowserID assertions on behalf of the user. FxA provides a hosted verifier for verifying these assertions.
  • Verifier library
  • Production deployment

Deployments

For detailed server and deployment information see this MDN page.

Resources

• Meeting Notes Archive

Bugs

Most of our work takes place on github, and we use waffle.io to provide an overview of bug status and activity:

• All GitHub issues for Firefox Accounts

If you have found a bug in FxA, please file it via the dashboard above

There is also a "Core/FxAccounts" bugzilla component that covers the accounts code inside Firefox itself, and a "Server: Firefox Accounts" component for when FxA code interacts with parts of Mozilla that operate out of bugzilla:

• Bugzilla search for "Core/FxAccounts"
• [Bugzilla search for "Server: Firefox Accounts"](https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&component=Server%3A Firefox Accounts&product=Cloud Services)

How To

• Get started with local development
• Run your own FxA server stack

Detailed Stack Diagrams

---

---

---

LucidChart View