Marketplace migration to Firefox Accounts

In the last year the Firefox Marketplace migrated from Persona to Firefox Accounts. This was done for a couple of reasons, perhaps the biggest being that Firefox OS was switching to Firefox Accounts. On a Firefox OS phone, you will log in once, to the phone and then be automatically logged into the Marketplace.

The migration for the Marketplace had a few unique challenges that some other projects do not have:

  • the Marketplace app supports Firefox OS all the way back to 1.1
  • the Marketplace site supports Android and Desktop clients
  • in the past unverified emails were allowed from Persona
  • Marketplace provides Payments which use the Trusted UI

Firefox Accounts has two different ways to login, a native flow in Firefox OS and an OAuth based flow for Desktop and Android clients. The number of dependencies to complete all that quickly grew out of control, so we focused on the first milestone of ensuring that an OAuth flow worked for all users on all devices.

Migration from a database point of view wasn’t too complicated at first. We store the users email from Persona, all we had to was look at the users email from Firefox Accounts … if a user already existed with that account then they logged in as that account. If not we created a new account.

The unverified emails were a problem to us, because it meant that a user or developer could have an email address that wasn’t routable, accessible or in any way usable. When they migrated to Firefox Accounts an email would be sent to that old email address and they were stuck. We really couldn’t see any around this other than manually verifying accounts as best as possible and moving them over as needed.

For users that already had a Firefox Account through sync and wanted to re-use that on the Marketplace, the Firefox Accounts team added the ability to use a pre-verified token. This allowed a user to start the registration flow as a user, but in the Firefox Accounts sign up use a different email address. At the end of the flow the Marketplace would then detect the difference in the email address, but know which account the flow came from and hook it up correctly.

This then gave birth to a flow chart and after lots of work, but we had a plan:

Screenshot 2015-01-27 11.52.36

Of course the road was not that smooth as the bug list will probably reveal. The biggest difference to any other Firefox Accounts implementors is that the OAuth flow is not the same as the Persona flow. An obvious statement, we thought we had covered until we hit elements like the Trusted UI – at that point it got complicated.

Screenshot 2015-01-30 13.53.23

Once deployed we sent out an email to everyone and waited for the users to come in. Sure enough they did and we saw a large number of transitions within 48 hours.

During this process we made sure emails came out with an email address that could be replied to, I was then able to follow up personally with anyone who had any issues. We also logged login attempts and when we found a bug, I was able to email those people while we fixed and deployed the bug – there were only two people who had a problem at that step, but it felt good to be able to help them.

Firefox Accounts has now been active for over 3 months and this week we turned off the special transition flow and deleted the transition flow as felt enough users and developers had migrated.

What’s next?

  • Getting the native flow deployed for Firefox OS 2.1
  • Moving to an iframe based flow and removing the popup based flow
  • Deeper integration with upcoming Firefox Accounts features, like avatars

Big thanks to the Marketplace team who implemented this and the Firefox Accounts team who did an awful lot of work helping us out.