Help request with a custom primary

[davidi...@gmail.com]

Hi All,
I've hit a bit of a wall developing a custom primary. I can successfully provision an assertion for a 'logged-in' user (and log in with it), but when I call navigator.id.raiseProvisioningFailure from the provisioning page, the login simply fails and I don't see a request for the sign-in page. I've taken a quick look at eyedee.me, and even (I think) copying exactly what it's doing, it's not working. Is anyone able to take a quick look and check if I've misunderstood/done something stupid/found a bug?

The provider is browserid-i5y.herokuapp.com, with te...@browserid-i5y.herokuapp.com provisioned to anyone without any signing-in required (obviously to be changed asap), and I'm unable to get to a (non-functional) sign-in page for te...@browserid-i5y.herokuapp.com

Cheers,
David

[Ozten]

Hi David,
Your system looks good at first blush (well-known, provision,
sign_in).
I'm not sure why raiseProvisioningFailure is misbehaving.

We're digging in to debug and will update this thread once we know
more.
-- ozten

[Ozten]

I think I've reproduced your issue as well as another.

Browser tools aren't great for debugging these types of apps, lots of
errors don't show up in error console :|
So this makes a slow go of it...

https://github.com/mozilla/browserid/issues/1182
https://github.com/mozilla/browserid/issues/1183

Let's work in 1182 on your issue, I'm continuing to debug with a local
browserid server and a local primary.

I'm also taking notes on developer pain points and areas we can make
it easier to troubleshoot as your writing a new primary.

[davidi...@gmail.com]

On 23 Feb 2012, at 20:23, Ozten wrote:

> I think I've reproduced your issue as well as another.

Great.

>
> Browser tools aren't great for debugging these types of apps, lots of
> errors don't show up in error console :|

Yeah. I tried myself, but got lost in the channel...

> So this makes a slow go of it...
>
> https://github.com/mozilla/browserid/issues/1182
> https://github.com/mozilla/browserid/issues/1183
>
> Let's work in 1182 on your issue, I'm continuing to debug with a local
> browserid server and a local primary.

I'm watching the issue, so let me know via a comment there if there's anything I can do

>
> I'm also taking notes on developer pain points and areas we can make
> it easier to troubleshoot as your writing a new primary.

Other than this issue, the main pain is dealing with the base64 encoded chunks, and not really knowing why one is invalid. It'd be cool to have a site you could paste the base64 chunk into and it'd validate with verbose errors. I spent a while trying to use the RS128 alg option to sign the cert, and it is (I think) the case that only RS256 is supported. Verbose errors, and the ability to test code without redeploying a server etc would be great.

David

[Dan Mills]

Note that the encoding is base64url, not base64.

Dan

On Thursday, February 23, 2012 at 12:59 PM, davidi...@gmail.com wrote:

>
> On 23 Feb 2012, at 20:23, Ozten wrote:
>

> > I think I've reproduced your issue as well as another.
>

> Great.

>
> >
> > Browser tools aren't great for debugging these types of apps, lots of
> > errors don't show up in error console :|
> >
>
>

> Yeah. I tried myself, but got lost in the channel...
>

> > So this makes a slow go of it...
> >
> > https://github.com/mozilla/browserid/issues/1182
> > https://github.com/mozilla/browserid/issues/1183
> >
> > Let's work in 1182 on your issue, I'm continuing to debug with a local
> > browserid server and a local primary.
> >
>
>

> I'm watching the issue, so let me know via a comment there if there's anything I can do
>
> >

> > I'm also taking notes on developer pain points and areas we can make
> > it easier to troubleshoot as your writing a new primary.
> >
>
>

> Other than this issue, the main pain is dealing with the base64 encoded chunks, and not really knowing why one is invalid. It'd be cool to have a site you could paste the base64 chunk into and it'd validate with verbose errors. I spent a while trying to use the RS128 alg option to sign the cert, and it is (I think) the case that only RS256 is supported. Verbose errors, and the ability to test code without redeploying a server etc would be great.
>
> David

> _______________________________________________
> dev-identity mailing list
> dev-id...@lists.mozilla.org (mailto:dev-id...@lists.mozilla.org)
> https://lists.mozilla.org/listinfo/dev-identity
>
>

[da...@illsley.org]

Dan Mills <thu...@mozilla.com> wrote:
> Note that the encoding is base64url, not base64.

Yeah... And that there's no padding... That caught me out for a while

[Ben Adida]

On 2/23/12 11:21 PM, da...@illsley.org wrote:
> Dan Mills<thu...@mozilla.com> wrote:
>> Note that the encoding is base64url, not base64.
>
> Yeah... And that there's no padding... That caught me out for a while

FWIW, that appears to be the default base64url approach.

-Ben

[davidi...@gmail.com]

On 24 Feb 2012, at 17:37, Ben Adida wrote:

> On 2/23/12 11:21 PM, da...@illsley.org wrote:

>> Dan Mills<thu...@mozilla.com> wrote:
>>> Note that the encoding is base64url, not base64.
>>
>> Yeah... And that there's no padding... That caught me out for a while
>

> FWIW, that appears to be the default base64url approach.

I'm sure it is.. but clearly no-one told the author of the Base64Url implementation I was trying to use. :(

[Ozten]

As a working document, pain points and tips are being captured here:
https://github.com/ozten/vinz-clortho/blob/master/docs/PRIMARY_PAINPOINTS.md

[Ozten]

Please read https://developer.mozilla.org/en/BrowserID/Primary/Developer_tips if your building a primary.

Lots of good questions in IRC this week!

If you project is sensitive, I'm happy to help via private messages on IRC.

[Dan Mills]

I would rename the section at the bottom ("running your own browserid.org server") and explain what it would mean to run one of those.

It's not that people can't run a copy of it, but a) it won't be invoked by most sites, and b) most sites won't trust it (rightly so!).

Dan