[External="sync15"] typedef enum DeviceType; /// # Firefox Accounts Client /// /// The fxa-client component lets applications integrate with the /// [Firefox Accounts](https://mozilla.github.io/ecosystem-platform/docs/features/firefox-accounts/fxa-overview) /// identity service. The shape of a typical integration would look /// something like: /// /// * Out-of-band, register your application with the Firefox Accounts service, /// providing an OAuth `redirect_uri` controlled by your application and /// obtaining an OAuth `client_id`. /// /// * On application startup, create a [`FirefoxAccount`] object to represent the /// signed-in state of the application. /// * On first startup, a new [`FirefoxAccount`] can be created by calling /// [`FirefoxAccount::new`] and passing the application's `client_id`. /// * For subsequent startups the object can be persisted using the /// [`to_json`](FirefoxAccount::to_json) method and re-created by /// calling [`FirefoxAccount::from_json`]. /// /// * When the user wants to sign in to your application, direct them through /// a web-based OAuth flow using [`begin_oauth_flow`](FirefoxAccount::begin_oauth_flow) /// or [`begin_pairing_flow`](FirefoxAccount::begin_pairing_flow); when they return /// to your registered `redirect_uri`, pass the resulting authorization state back to /// [`complete_oauth_flow`](FirefoxAccount::complete_oauth_flow) to sign them in. /// /// * Display information about the signed-in user by using the data from /// [`get_profile`](FirefoxAccount::get_profile). /// /// * Access account-related services on behalf of the user by obtaining OAuth /// access tokens via [`get_access_token`](FirefoxAccount::get_access_token). /// /// * If the user opts to sign out of the application, calling [`disconnect`](FirefoxAccount::disconnect) /// and then discarding any persisted account data. namespace fxa_client { }; /// Generic error type thrown by many [`FirefoxAccount`] operations. /// /// Precise details of the error are hidden from consumers, mostly due to limitations of /// how we expose this API to other languages. The type of the error indicates how the /// calling code should respond. /// [Error] enum FxaError { /// Thrown when there was a problem with the authentication status of the account, /// such as an expired token. The application should [check its authorization status]( /// FirefoxAccount::check_authorization_status) to see whether it has been disconnected, /// or retry the operation with a freshly-generated token. "Authentication", /// Thrown when an authenticated account isn't allowed to perform some operation. Unlike /// `Authentication`, there's no problem with the account status. In some cases it /// might be possible to request additional scopes, and once granted, the operation /// may succeed. "Forbidden", /// Thrown if an operation fails due to network access problems. /// The application may retry at a later time once connectivity is restored. "Network", /// Thrown if the application attempts to complete an OAuth flow when no OAuth flow has been initiated for that state. /// This may indicate a user who navigated directly to the OAuth `redirect_uri` for the application. "NoExistingAuthFlow", /// Thrown if the application attempts to complete an OAuth flow, but the state /// tokens returned from the Firefox Account server do not match with the ones /// expected by the client. /// This may indicate a stale OAuth flow, or potentially an attempted hijacking /// of the flow by an attacker. The signin attempt cannot be completed. /// /// **Note:** This error is currently only thrown in the Swift language bindings. "WrongAuthFlow", /// Origin mismatch when handling a pairing flow /// /// The most likely cause of this is that a user tried to pair together two firefox instances /// that are configured to use different servers. "OriginMismatch", /// The sync scoped key was missing in the server response "SyncScopedKeyMissingInServerResponse", /// Thrown if there is a panic in the underlying Rust code. /// /// **Note:** This error is currently only thrown in the Kotlin language bindings. "Panic", /// A catch-all for other unspecified errors. "Other", }; /// The result of invoking a "close tabs" command. /// /// If [`FirefoxAccount::close_tabs`] is called with more URLs than can fit /// into a single command payload, the URLs will be chunked and sent in /// multiple commands. /// /// Chunking breaks the atomicity of a "close tabs" command, but /// reduces the number of these commands that FxA sends to other devices. /// This is critical for platforms like iOS, where every command triggers a /// push message that must show a user-visible notification. [Enum] interface CloseTabsResult { /// All URLs passed to [`FirefoxAccount::close_tabs`] were chunked and sent /// in one or more device commands. Ok(); /// One or more URLs passed to [`FirefoxAccount::close_tabs`] couldn't be sent /// in a device command. The caller can assume that: /// /// 1. Any URL in the returned list of `urls` was not sent, and /// should be retried. /// 2. All other URLs that were passed to [`FirefoxAccount::close_tabs`], and /// that are _not_ in the list of `urls`, were chunked and sent. TabsNotClosed(sequence urls); }; /// Object representing the signed-in state of an application. /// /// The `FirefoxAccount` object is the main interface provided by this crate. /// It represents the signed-in state of an application that may be connected to /// user's Firefox Account, and provides methods for inspecting the state of the /// account and accessing other services on behalf of the user. /// interface FirefoxAccount { /// Create a new [`FirefoxAccount`] instance, not connected to any account. /// /// **💾 This method alters the persisted account state.** /// /// This method constructs as new [`FirefoxAccount`] instance configured to connect /// the application to a user's account. constructor(FxaConfig config); /// Restore a [`FirefoxAccount`] instance from serialized state. /// /// Given a JSON string previously obtained from [`FirefoxAccount::to_json`], this /// method will deserialize it and return a live [`FirefoxAccount`] instance. /// /// **⚠️ Warning:** since the serialized state contains access tokens, you should /// not call `from_json` multiple times on the same data. This would result /// in multiple live objects sharing the same access tokens and is likely to /// produce unexpected behaviour. /// [Throws=FxaError,Name=from_json] constructor([ByRef] string data); /// Save current state to a JSON string. /// /// This method serializes the current account state into a JSON string, which /// the application can use to persist the user's signed-in state across restarts. /// The application should call this method and update its persisted state after /// any potentially-state-changing operation. /// /// **⚠️ Warning:** the serialized state may contain encryption keys and access /// tokens that let anyone holding them access the user's data in Firefox Sync /// and/or other FxA services. Applications should take care to store the resulting /// data in a secure fashion, as appropriate for their target platform. /// [Throws=FxaError] string to_json(); /// Sets the users information based on the web content's login information /// This is intended to only be used by user agents (eg: Firefox) to set the users /// session token and tie it to the refresh token that will be issued at the end of the /// oauth flow. void set_user_data(UserData user_data); /// Initiate a web-based OAuth sign-in flow. /// /// This method initializes some internal state and then returns a URL at which the /// user may perform a web-based authorization flow to connect the application to /// their account. The application should direct the user to the provided URL. /// /// When the resulting OAuth flow redirects back to the configured `redirect_uri`, /// the query parameters should be extracting from the URL and passed to the /// [`complete_oauth_flow`](FirefoxAccount::complete_oauth_flow) method to finalize /// the signin. /// /// # Arguments /// /// - `scopes` - list of OAuth scopes to request. /// - The requested scopes will determine what account-related data /// the application is able to access. /// - `entrypoint` - metrics identifier for UX entrypoint. /// - This parameter is used for metrics purposes, to identify the /// UX entrypoint from which the user triggered the signin request. /// For example, the application toolbar, on the onboarding flow. /// - `metrics` - optionally, additional metrics tracking parameters. /// - These will be included as query parameters in the resulting URL. /// [Throws=FxaError] string begin_oauth_flow([ByRef] sequence scopes, [ByRef] string entrypoint); /// Get the URL at which to begin a device-pairing signin flow. /// /// If the user wants to sign in using device pairing, call this method and then /// direct them to visit the resulting URL on an already-signed-in device. Doing /// so will trigger the other device to show a QR code to be scanned, and the result /// from said QR code can be passed to [`begin_pairing_flow`](FirefoxAccount::begin_pairing_flow). /// [Throws=FxaError] string get_pairing_authority_url(); /// Initiate a device-pairing sign-in flow. /// /// Once the user has scanned a pairing QR code, pass the scanned value to this /// method. It will return a URL to which the application should redirect the user /// in order to continue the sign-in flow. /// /// When the resulting flow redirects back to the configured `redirect_uri`, /// the resulting OAuth parameters should be extracting from the URL and passed /// to [`complete_oauth_flow`](FirefoxAccount::complete_oauth_flow) to finalize /// the signin. /// /// # Arguments /// /// - `pairing_url` - the URL scanned from a QR code on another device. /// - `scopes` - list of OAuth scopes to request. /// - The requested scopes will determine what account-related data /// the application is able to access. /// - `entrypoint` - metrics identifier for UX entrypoint. /// - This parameter is used for metrics purposes, to identify the /// UX entrypoint from which the user triggered the signin request. /// For example, the application toolbar, on the onboarding flow. /// - `metrics` - optionally, additional metrics tracking parameters. /// - These will be included as query parameters in the resulting URL. /// [Throws=FxaError] string begin_pairing_flow([ByRef] string pairing_url, [ByRef] sequence scopes, [ByRef] string entrypoint); /// Complete an OAuth flow. /// /// **💾 This method alters the persisted account state.** /// /// At the conclusion of an OAuth flow, the user will be redirect to the /// application's registered `redirect_uri`. It should extract the `code` /// and `state` parameters from the resulting URL and pass them to this /// method in order to complete the sign-in. /// /// # Arguments /// /// - `code` - the OAuth authorization code obtained from the redirect URI. /// - `state` - the OAuth state parameter obtained from the redirect URI. /// [Throws=FxaError] void complete_oauth_flow([ByRef] string code, [ByRef] string state ); /// Check authorization status for this application. /// /// **💾 This method alters the persisted account state.** /// /// Applications may call this method to check with the FxA server about the status /// of their authentication tokens. It returns an [`AuthorizationInfo`] struct /// with details about whether the tokens are still active. /// [Throws=FxaError] AuthorizationInfo check_authorization_status(); /// Disconnect from the user's account. /// /// **💾 This method alters the persisted account state.** /// /// This method destroys any tokens held by the client, effectively disconnecting /// from the user's account. Applications should call this when the user opts to /// sign out. /// /// The persisted account state after calling this method will contain only the /// user's last-seen profile information, if any. This may be useful in helping /// the user to reconnnect to their account. If reconnecting to the same account /// is not desired then the application should discard the persisted account state. /// void disconnect(); /// Update the state based on authentication issues. /// /// **💾 This method alters the persisted account state.** /// /// Call this if you know there's an authentication / authorization issue that requires the /// user to re-authenticated. It transitions the user to the [FxaRustAuthState.AuthIssues] state. void on_auth_issues(); /// Get the high-level authentication state of the client /// /// Deprecated: Use get_state() instead FxaRustAuthState get_auth_state(); /// Get the current state FxaState get_state(); /// Process an event (login, logout, etc). /// /// On success, update the current state and return it. /// On error, the current state will remain the same. [Throws=FxaError] FxaState process_event(FxaEvent event); /// Get profile information for the signed-in user, if any. /// /// **💾 This method alters the persisted account state.** /// /// This method fetches a [`Profile`] struct with information about the currently-signed-in /// user, either by using locally-cached profile information or by fetching fresh data from /// the server. /// /// # Arguments /// /// - `ignore_cache` - if true, always hit the server for fresh profile information. /// /// # Notes /// /// - Profile information is only available to applications that have been /// granted the `profile` scope. /// - There is currently no API for fetching cached profile information without /// potentially hitting the server. /// - If there is no signed-in user, this method will throw an /// [`Authentication`](FxaError::Authentication) error. /// [Throws=FxaError] Profile get_profile( boolean ignore_cache ); /// Create a new device record for this application. /// /// **💾 This method alters the persisted account state.** /// /// This method registered a device record for the application, providing basic metadata for /// the device along with a list of supported [Device Capabilities](DeviceCapability) for /// participating in the "device commands" ecosystem. /// /// Applications should call this method soon after a successful sign-in, to ensure /// they they appear correctly in the user's account-management pages and when discovered /// by other devices connected to the account. /// /// # Arguments /// /// - `name` - human-readable display name to use for this application /// - `device_type` - the [type](DeviceType) of device the application is installed on /// - `supported_capabilities` - the set of [capabilities](DeviceCapability) to register /// for this device in the "device commands" ecosystem. /// /// # Notes /// /// - Device registration is only available to applications that have been /// granted the `https:///identity.mozilla.com/apps/oldsync` scope. /// [Throws=FxaError] LocalDevice initialize_device([ByRef] string name, DeviceType device_type, sequence supported_capabilities ); /// Get the device id registered for this application. /// /// # Notes /// /// - If the application has not registered a device record, this method will /// throw an [`Other`](FxaError::Other) error. /// - (Yeah...sorry. This should be changed to do something better.) /// - Device metadata is only visible to applications that have been /// granted the `https:///identity.mozilla.com/apps/oldsync` scope. /// [Throws=FxaError] string get_current_device_id(); /// Get the list of devices registered on the user's account. /// /// **💾 This method alters the persisted account state.** /// /// This method returns a list of [`Device`] structs representing all the devices /// currently attached to the user's account (including the current device). /// The application might use this information to e.g. display a list of appropriate /// send-tab targets. /// /// # Arguments /// /// - `ignore_cache` - if true, always hit the server for fresh profile information. /// /// # Notes /// /// - Device metadata is only visible to applications that have been /// granted the `https:///identity.mozilla.com/apps/oldsync` scope. /// [Throws=FxaError] sequence get_devices( boolean ignore_cache ); /// Get the list of all client applications attached to the user's account. /// /// This method returns a list of [`AttachedClient`] structs representing all the applications /// connected to the user's account. This includes applications that are registered as a device /// as well as server-side services that the user has connected. /// /// This information is really only useful for targeted messaging or marketing purposes, /// e.g. if the application wants to advertize a related product, but first wants to check /// whether the user is already using that product. /// /// # Notes /// /// - Attached client metadata is only visible to applications that have been /// granted the `https:///identity.mozilla.com/apps/oldsync` scope. /// [Throws=FxaError] sequence get_attached_clients(); /// Update the display name used for this application instance. /// /// **💾 This method alters the persisted account state.** /// /// This method modifies the name of the current application's device record, as seen by /// other applications and in the user's account management pages. /// /// # Arguments /// /// - `display_name` - the new name for the current device. /// /// # Notes /// /// - Device registration is only available to applications that have been /// granted the `https:///identity.mozilla.com/apps/oldsync` scope. /// [Throws=FxaError] LocalDevice set_device_name([ByRef] string display_name ); /// Clear any custom display name used for this application instance. /// /// **💾 This method alters the persisted account state.** /// /// This method clears the name of the current application's device record, causing other /// applications or the user's account management pages to have to fill in some sort of /// default name when displaying this device. /// /// # Notes /// /// - Device registration is only available to applications that have been /// granted the `https:///identity.mozilla.com/apps/oldsync` scope. /// [Throws=FxaError] void clear_device_name(); /// Ensure that the device record has a specific set of capabilities. /// /// **💾 This method alters the persisted account state.** /// /// This method checks that the currently-registered device record is advertising the /// given set of capabilities in the FxA "device commands" ecosystem. If not, then it /// updates the device record to do so. /// /// Applications should call this method on each startup as a way to ensure that their /// expected set of capabilities is being accurately reflected on the FxA server, and /// to handle the rollout of new capabilities over time. /// /// # Arguments /// /// - `supported_capabilities` - the set of [capabilities](DeviceCapability) to register /// for this device in the "device commands" ecosystem. /// /// # Notes /// /// - Device registration is only available to applications that have been /// granted the `https:///identity.mozilla.com/apps/oldsync` scope. /// [Throws=FxaError] LocalDevice ensure_capabilities( sequence supported_capabilities ); /// Set or update a push subscription endpoint for this device. /// /// **💾 This method alters the persisted account state.** /// /// This method registers the given webpush subscription with the FxA server, requesting /// that is send notifications in the event of any significant changes to the user's /// account. When the application receives a push message at the registered subscription /// endpoint, it should decrypt the payload and pass it to the [`handle_push_message`]( /// FirefoxAccount::handle_push_message) method for processing. /// /// # Arguments /// /// - `subscription` - the [`DevicePushSubscription`] details to register with the server. /// /// # Notes /// /// - Device registration is only available to applications that have been /// granted the `https:///identity.mozilla.com/apps/oldsync` scope. /// [Throws=FxaError] LocalDevice set_push_subscription( DevicePushSubscription subscription ); /// Process and respond to a server-delivered account update message /// /// **💾 This method alters the persisted account state.** /// /// Applications should call this method whenever they receive a push notification from the Firefox Accounts server. /// Such messages typically indicate a noteworthy change of state on the user's account, such as an update to their profile information /// or the disconnection of a client. The [`FirefoxAccount`] struct will update its internal state /// accordingly and return an individual [`AccountEvent`] struct describing the event, which the application /// may use for further processing. /// /// It's important to note if the event is [`AccountEvent::CommandReceived`], the caller should call /// [`FirefoxAccount::poll_device_commands`] /// [Throws=FxaError] AccountEvent handle_push_message([ByRef] string payload ); /// Poll the server for any pending device commands. /// /// **💾 This method alters the persisted account state.** /// /// Applications that have registered one or more [`DeviceCapability`]s with the server can use /// this method to check whether other devices on the account have sent them any commands. /// It will return a list of [`IncomingDeviceCommand`] structs for the application to process. /// /// # Notes /// /// - Device commands are typically delivered via push message and the [`CommandReceived`]( /// AccountEvent::CommandReceived) event. Polling should only be used as a backup delivery /// mechanism, f the application has reason to believe that push messages may have been missed. /// - Device commands functionality is only available to applications that have been /// granted the `https:///identity.mozilla.com/apps/oldsync` scope. /// [Throws=FxaError] sequence poll_device_commands(); /// Use device commands to send a single tab to another device. /// /// **💾 This method alters the persisted account state.** /// /// If a device on the account has registered the [`SendTab`](DeviceCapability::SendTab) /// capability, this method can be used to send it a tab. /// /// # Notes /// /// - If the given device id does not existing or is not capable of receiving tabs, /// this method will throw an [`Other`](FxaError::Other) error. /// - (Yeah...sorry. This should be changed to do something better.) /// - It is not currently possible to send a full [`SendTabPayload`] to another device, /// but that's purely an API limitation that should go away in future. /// - Device commands functionality is only available to applications that have been /// granted the `https:///identity.mozilla.com/apps/oldsync` scope. /// [Throws=FxaError] void send_single_tab([ByRef] string target_device_id, [ByRef] string title, [ByRef] string url, optional boolean is_private = false ); /// Use device commands to close one or more tabs on another device. /// /// **💾 This method alters the persisted account state.** /// /// If a device on the account has registered the [`CloseTabs`](DeviceCapability::CloseTabs) /// capability, this method can be used to close its tabs. [Throws=FxaError] CloseTabsResult close_tabs([ByRef] string target_device_id, sequence urls); /// Get the URL at which to access the user's sync data. /// /// **💾 This method alters the persisted account state.** /// [Throws=FxaError] string get_token_server_endpoint_url(); /// Get a URL which shows a "successfully connceted!" message. /// /// **💾 This method alters the persisted account state.** /// /// Applications can use this method after a successful signin, to redirect the /// user to a success message displayed in web content rather than having to /// implement their own native success UI. /// [Throws=FxaError] string get_connection_success_url(); /// Get a URL at which the user can manage their account and profile data. /// /// **💾 This method alters the persisted account state.** /// /// Applications should link the user out to this URL from an appropriate place /// in their signed-in settings UI. /// /// # Arguments /// /// - `entrypoint` - metrics identifier for UX entrypoint. /// - This parameter is used for metrics purposes, to identify the /// UX entrypoint from which the user followed the link. /// [Throws=FxaError] string get_manage_account_url([ByRef] string entrypoint ); /// Get a URL at which the user can manage the devices connected to their account. /// /// **💾 This method alters the persisted account state.** /// /// Applications should link the user out to this URL from an appropriate place /// in their signed-in settings UI. For example, "Manage your devices..." may be /// a useful link to place somewhere near the device list in the send-tab UI. /// /// # Arguments /// /// - `entrypoint` - metrics identifier for UX entrypoint. /// - This parameter is used for metrics purposes, to identify the /// UX entrypoint from which the user followed the link. /// [Throws=FxaError] string get_manage_devices_url([ByRef] string entrypoint ); /// Get a short-lived OAuth access token for the user's account. /// /// **💾 This method alters the persisted account state.** /// /// Applications that need to access resources on behalf of the user must obtain an /// `access_token` in order to do so. For example, an access token is required when /// fetching the user's profile data, or when accessing their data stored in Firefox Sync. /// /// This method will obtain and return an access token bearing the requested scopes, either /// from a local cache of previously-issued tokens, or by creating a new one from the server. /// /// # Arguments /// /// - `scope` - the OAuth scope to be granted by the token. /// - This must be one of the scopes requested during the signin flow. /// - Only a single scope is supported; for multiple scopes request multiple tokens. /// - `use_cache` - optionally set to false to force a new token request. The fetched /// token will still be cached for later `get_access_token` calls. /// /// # Notes /// /// - If the application receives an authorization error when trying to use the resulting /// token, it should call [`clear_access_token_cache`](FirefoxAccount::clear_access_token_cache) /// before requesting a fresh token. /// [Throws=FxaError] AccessTokenInfo get_access_token([ByRef] string scope, optional boolean use_cache = true); /// Get the session token for the user's account, if one is available. /// /// **💾 This method alters the persisted account state.** /// /// Applications that function as a web browser may need to hold on to a session token /// on behalf of Firefox Accounts web content. This method exists so that they can retrieve /// it an pass it back to said web content when required. /// /// # Notes /// /// - Please do not attempt to use the resulting token to directly make calls to the /// Firefox Accounts servers! All account management functionality should be performed /// in web content. /// - A session token is only available to applications that have requested the /// `https:///identity.mozilla.com/tokens/session` scope. /// [Throws=FxaError] string get_session_token(); /// Update the stored session token for the user's account. /// /// **💾 This method alters the persisted account state.** /// /// Applications that function as a web browser may need to hold on to a session token /// on behalf of Firefox Accounts web content. This method exists so that said web content /// signals that it has generated a new session token, the stored value can be updated /// to match. /// /// # Arguments /// /// - `session_token` - the new session token value provided from web content. /// [Throws=FxaError] void handle_session_token_change([ByRef] string session_token ); /// Create a new OAuth authorization code using the stored session token. /// /// When a signed-in application receives an incoming device pairing request, it can /// use this method to grant the request and generate a corresponding OAuth authorization /// code. This code would then be passed back to the connecting device over the /// pairing channel (a process which is not currently supported by any code in this /// component). /// /// # Arguments /// /// - `params` - the OAuth parameters from the incoming authorization request /// [Throws=FxaError] string authorize_code_using_session_token( AuthorizationParameters params ); /// Clear the access token cache in response to an auth failure. /// /// **💾 This method alters the persisted account state.** /// /// Applications that receive an authentication error when trying to use an access token, /// should call this method before creating a new token and retrying the failed operation. /// It ensures that the expired token is removed and a fresh one generated. /// void clear_access_token_cache(); /// Collect and return telemetry about incoming and outgoing device commands. /// /// Applications that have registered one or more [`DeviceCapability`]s /// should also arrange to submit "sync ping" telemetry. Calling this method will /// return a JSON string of telemetry data that can be incorporated into that ping. /// /// Sorry, this is not particularly carefully documented because it is intended /// as a stop-gap until we get native Glean support. If you know how to submit /// a sync ping, you'll know what to do with the contents of the JSON string. /// [Throws=FxaError] string gather_telemetry(); /// Used by the application to test auth token issues void simulate_network_error(); /// Used by the application to test auth token issues void simulate_temporary_auth_token_issue(); /// Used by the application to test auth token issues void simulate_permanent_auth_token_issue(); }; dictionary FxaConfig { /// FxaServer to connect with FxaServer server; /// Registered OAuth client id of the application. string client_id; /// `redirect_uri` - the registered OAuth redirect URI of the application. string redirect_uri; /// URL for the user's Sync Tokenserver. This can be used to support users who self-host their /// sync data. If `None` then it will default to the Mozilla-hosted Sync server. string? token_server_url_override = null; }; /// FxA server to connect to [Enum] interface FxaServer { Release(); Stable(); Stage(); China(); // deprecated, same as Release LocalDev(); Custom(string url); }; /// Information about the authorization state of the application. /// /// This struct represents metadata about whether the application is currently /// connected to the user's account. /// dictionary AuthorizationInfo { boolean active; }; /// An OAuth access token, with its associated keys and metadata. /// /// This struct represents an FxA OAuth access token, which can be used to access a resource /// or service on behalf of the user. For example, accessing the user's data in Firefox Sync /// an access token for the scope `https:///identity.mozilla.com/apps/sync` along with the /// associated encryption key. /// dictionary AccessTokenInfo { /// The scope of access granted by token. string scope; /// The access token itself. /// /// This is the value that should be included in the `Authorization` header when /// accessing an OAuth protected resource on behalf of the user. string token; /// The client-side encryption key associated with this scope. /// /// **⚠️ Warning:** the value of this field should never be revealed outside of the /// application. For example, it should never to sent to a server or logged in a log file. ScopedKey? key; /// The expiry time of the token, in seconds. /// /// This is the timestamp at which the token is set to expire, in seconds since /// unix epoch. Note that it is a signed integer, for compatibility with languages /// that do not have an unsigned integer type. /// /// This timestamp is for guidance only. Access tokens are not guaranteed to remain /// value for any particular lengthof time, and consumers should be prepared to handle /// auth failures even if the token has not yet expired. i64 expires_at; }; /// A cryptographic key associated with an OAuth scope. /// /// Some OAuth scopes have a corresponding client-side encryption key that is required /// in order to access protected data. This struct represents such key material in a /// format compatible with the common "JWK" standard. /// dictionary ScopedKey { /// The type of key. /// /// In practice for FxA, this will always be string string "oct" (short for "octal") /// to represent a raw symmetric key. string kty; /// The OAuth scope with which this key is associated. string scope; /// The key material, as base64-url-encoded bytes. /// /// **⚠️ Warning:** the value of this field should never be revealed outside of the /// application. For example, it should never to sent to a server or logged in a log file. string k; /// An opaque unique identifier for this key. /// /// Unlike the `k` field, this value is not secret and may be revealed to the server. string kid; }; /// Parameters provided in an incoming OAuth request. /// /// This struct represents parameters obtained from an incoming OAuth request - that is, /// the values that an OAuth client would append to the authorization URL when initiating /// an OAuth sign-in flow. /// dictionary AuthorizationParameters { string client_id; sequence scope; string state; string access_type; string? code_challenge; string? code_challenge_method; string? keys_jwk; }; /// A device connected to the user's account. /// /// This struct provides metadata about a device connected to the user's account. /// This data would typically be used to display e.g. the list of candidate devices /// in a "send tab" menu. /// dictionary Device { string id; string display_name; DeviceType device_type; sequence capabilities; DevicePushSubscription? push_subscription; boolean push_endpoint_expired; boolean is_current_device; i64? last_access_time; }; /// Device configuration dictionary DeviceConfig { string name; DeviceType device_type; sequence capabilities; }; /// Local device that's connecting to FxA /// /// This is returned by the device update methods and represents the server's view of the local /// device. dictionary LocalDevice { string id; string display_name; DeviceType device_type; sequence capabilities; DevicePushSubscription? push_subscription; boolean push_endpoint_expired; }; /// Details of a web-push subscription endpoint. /// /// This struct encapsulates the details of a web-push subscription endpoint, /// including all the information necessary to send a notification to its owner. /// Devices attached to the user's account may register one of these in order /// to receive timely updates about account-related events. /// /// Managing a web-push subscription is outside of the scope of this component. /// dictionary DevicePushSubscription { string endpoint; string public_key; string auth_key; }; /// The payload sent when invoking a "send tab" command. /// dictionary SendTabPayload { /// The navigation history of the sent tab. /// /// The last item in this list represents the page to be displayed, /// while earlier items may be included in the navigation history /// as a convenience to the user. sequence entries; /// A unique identifier to be included in send-tab metrics. /// /// The application should treat this as opaque. string flow_id = ""; /// A unique identifier to be included in send-tab metrics. /// /// The application should treat this as opaque. string stream_id = ""; }; /// The payload sent when invoking a "close tabs" command. /// dictionary CloseTabsPayload { /// The URLs of the tabs to close. sequence urls; }; /// A received tab. Mis-named as the original intent was to keep /// the full "back" history for a tab, where this would be one such /// entry - but that never happened. /// dictionary TabHistoryEntry { string title; string url; boolean is_private = false; }; /// A client connected to the user's account. /// /// This struct provides metadata about a client connected to the user's account. /// Unlike the [`Device`] struct, "clients" encompasses both client-side and server-side /// applications - basically anything where the user is able to sign in with their /// Firefox Account. /// /// /// This data would typically be used for targeted messaging purposes, catering the /// contents of the message to what other applications the user has on their account. /// dictionary AttachedClient { string? client_id; string? device_id; DeviceType device_type; boolean is_current_session; string? name; i64? created_time; i64? last_access_time; sequence? scope; }; /// Information about the user that controls a Firefox Account. /// /// This struct represents details about the user themselves, and would typically be /// used to customize account-related UI in the browser so that it is personalize /// for the current user. /// dictionary Profile { /// The user's account uid /// /// This is an opaque immutable unique identifier for their account. string uid; /// The user's current primary email address. /// /// Note that unlike the `uid` field, the email address may change over time. string email; /// The user's preferred textual display name. string? display_name; /// The URL of a profile picture representing the user. /// /// All accounts have a corresponding profile picture. If the user has not /// provided one then a default image is used. string avatar; /// Whether the `avatar` URL represents the default avatar image. boolean is_default_avatar; }; [Enum] interface FxaState { Uninitialized(); Disconnected(); Authenticating(string oauth_url); Connected(); AuthIssues(); }; [Enum] interface FxaEvent { Initialize(DeviceConfig device_config); BeginOAuthFlow(sequence scopes, string entrypoint); BeginPairingFlow(string pairing_url, sequence scopes, string entrypoint); CompleteOAuthFlow(string code, string state); CancelOAuthFlow(); CheckAuthorizationStatus(); Disconnect(); CallGetProfile(); }; enum FxaRustAuthState { "Disconnected", "Connected", "AuthIssues", }; /// A "capability" offered by a device. /// /// In the FxA ecosystem, connected devices may advertize their ability to respond /// to various "commands" that can be invoked by other devices. The details of /// executing these commands are encapsulated as part of the FxA Client component, /// so consumers simply need to select which ones they want to support, and can /// use the variants of this enum to do so. /// enum DeviceCapability { "SendTab", "CloseTabs", }; /// An event that happened on the user's account. /// /// If the application has registered a [`DevicePushSubscription`] as part of its /// device record, then the Firefox Accounts server can send push notifications /// about important events that happen on the user's account. This enum represents /// the different kinds of event that can occur. /// [Enum] interface AccountEvent { /// Sent when another device has invoked a command for this device to execute. /// /// When receiving this event, the application should inspect the contained /// command and react appropriately. CommandReceived(IncomingDeviceCommand command ); /// Sent when the user has modified their account profile information. /// /// When receiving this event, the application should request fresh profile /// information by calling [`get_profile`](FirefoxAccount::get_profile) with /// `ignore_cache` set to true, and update any profile information displayed /// in its UI. /// ProfileUpdated(); /// Sent when when there has been a change in authorization status. /// /// When receiving this event, the application should check whether it is /// still connected to the user's account by calling [`check_authorization_status`]( /// FirefoxAccount::check_authorization_status), and updating its UI as appropriate. /// AccountAuthStateChanged(); /// Sent when the user deletes their Firefox Account. /// /// When receiving this event, the application should act as though the user had /// signed out, discarding any persisted account state. AccountDestroyed(); /// Sent when a new device connects to the user's account. /// /// When receiving this event, the application may use it to trigger an update /// of any UI that shows the list of connected devices. It may also show the /// user an informational notice about the new device, as a security measure. DeviceConnected(string device_name ); /// Sent when a device disconnects from the user's account. /// /// When receiving this event, the application may use it to trigger an update /// of any UI that shows the list of connected devices. DeviceDisconnected(string device_id, boolean is_local_device ); /// An unknown event, most likely an event the client doesn't support yet. /// /// When receiving this event, the application should gracefully ignore it. Unknown(); }; /// A command invoked by another device. /// /// This enum represents all possible commands that can be invoked on /// the device. It is the responsibility of the application to interpret /// each command. /// [Enum] interface IncomingDeviceCommand { /// Indicates that a tab has been sent to this device. TabReceived(Device? sender, SendTabPayload payload ); /// Indicates that the sender wants to close one or more tabs on this device. TabsClosed(Device? sender, CloseTabsPayload payload); }; dictionary UserData { string session_token; string uid; string email; boolean verified; };