Hi,
I am writing to inform you about Treeherder’s new login flow. In the past, logging in with Treeherder meant being redirected to the
login.taskcluster.net service. This had a couple of drawbacks, but one of the main annoyance was that credentials expired every 3 days. You are probably already familiar with the following error: "Your credentials are expired. They must expire every 3 days (Bug 1328434). Log out and back in again to refresh your credentials."
The new login flow now uses Auth0 instead of
login.taskcluster.net for SSO. Some relevant information to note:
- When you login for the first time, you will get a prompt asking permission for
treeherder.mozilla.org to access “full-user-credentials”. It’s not something to be worried about. This is simply a request to access your taskcluster credentials. Bug 1437116 was created to change that to "taskcluster-credentials”.
- Treeherder session will stay alive as long as access to the site happens once every 24 hours. 3 days session expiry is no longer in effect.
- If an email is associated with multiple login providers, then the most secure login method should be used (LDAP > GitHub 2FA > GitHub > Google > Passwordless).
Thanks,
Hassan