info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Treeherder New Login Flow
88 views
Skip to first unread message
ha...@mozilla.com
Feb 9, 2018, 12:30:26 PM2/9/18
to
Hi,
I am writing to inform you about Treeherder’s new login flow. In the past, logging in with Treeherder meant being redirected to the login.taskcluster.net service. This had a couple of drawbacks, but one of the main annoyance was that credentials expired every 3 days. You are probably already familiar with the following error: "Your credentials are expired. They must expire every 3 days (Bug 1328434). Log out and back in again to refresh your credentials."
The new login flow now uses Auth0 instead of login.taskcluster.net for SSO. Some relevant information to note:
- When you login for the first time, you will get a prompt asking permission for treeherder.mozilla.org to access “full-user-credentials”. It’s not something to be worried about. This is simply a request to access your taskcluster credentials. Bug 1437116 was created to change that to "taskcluster-credentials”.
- Treeherder session will stay alive as long as access to the site happens once every 24 hours. 3 days session expiry is no longer in effect.
- If an email is associated with multiple login providers, then the most secure login method should be used (LDAP > GitHub 2FA > GitHub > Google > Passwordless).
Thanks,
Hassan
I am writing to inform you about Treeherder’s new login flow. In the past, logging in with Treeherder meant being redirected to the login.taskcluster.net service. This had a couple of drawbacks, but one of the main annoyance was that credentials expired every 3 days. You are probably already familiar with the following error: "Your credentials are expired. They must expire every 3 days (Bug 1328434). Log out and back in again to refresh your credentials."
The new login flow now uses Auth0 instead of login.taskcluster.net for SSO. Some relevant information to note:
- When you login for the first time, you will get a prompt asking permission for treeherder.mozilla.org to access “full-user-credentials”. It’s not something to be worried about. This is simply a request to access your taskcluster credentials. Bug 1437116 was created to change that to "taskcluster-credentials”.
- Treeherder session will stay alive as long as access to the site happens once every 24 hours. 3 days session expiry is no longer in effect.
- If an email is associated with multiple login providers, then the most secure login method should be used (LDAP > GitHub 2FA > GitHub > Google > Passwordless).
Thanks,
Hassan
Phil Ringnalda
Feb 9, 2018, 4:29:35 PM2/9/18
to
On 2/9/18 9:30 AM, ha...@mozilla.com wrote:
> - Treeherder session will stay alive as long as access to the site
> happens once every 24 hours. 3 days session expiry is no longer in
> effect.
This doesn't seem to be the case: I'm logged in when I go to bed, and 7
> - Treeherder session will stay alive as long as access to the site
> happens once every 24 hours. 3 days session expiry is no longer in
> effect.
hours later when I get up I'm logged out; I'm logged in when I leave for
work, and 4.5 hours later when I get home on my lunch hour I'm logged out.
Boris Zbarsky
Feb 12, 2018, 9:28:26 PM2/12/18
to
On 2/9/18 12:30 PM, ha...@mozilla.com wrote:
> - Treeherder session will stay alive as long as access to the site happens once every 24 hours. 3 days session expiry is no longer in effect.
This seems to not be working at all. I just carefully recorded the last
> - Treeherder session will stay alive as long as access to the site happens once every 24 hours. 3 days session expiry is no longer in effect.
time I logged in to treeherder: 8:39pm, on Feb 12, 2018, US/Eastern time.
It is now 9:27pm on the same day. I just loaded treeherder. It's
showing me logged out.
The login didn't even last for 1 hour.
Login was done via LDAP.
-Boris
emo...@mozilla.com
Feb 13, 2018, 6:31:01 AM2/13/18
to
emo...@mozilla.com
Feb 21, 2018, 6:23:21 AM2/21/18
to
The switch from `full-user-credentials` to `taskcluster-credentials` has now occurred, meaning users will see a one-off Auth0 scopes prompt for the new permissions next time they log into Treeherder.
The cause of the frequent log-outs is also believed to be fixed - please comment on bug 1437824 if experiencing otherwise. (Sessions will be maintained as long as the site has been visited once every 24 hours; bug 1439858 is filed for seeing if that can be raised to extend over weekends etc)
Best wishes,
Ed
The cause of the frequent log-outs is also believed to be fixed - please comment on bug 1437824 if experiencing otherwise. (Sessions will be maintained as long as the site has been visited once every 24 hours; bug 1439858 is filed for seeing if that can be raised to extend over weekends etc)
Best wishes,
Ed
0 new messages