Welcome to Firefox Accounts!

Firefox Accounts is the authentication and authorization system for Cloud Services at Mozilla, providing access to services such as Firefox Sync and Firefox Hello.

This documentation is for contributors wanting to help develop and maintain the Firefox Accounts service. We have separate documentation for other purposes:

Using your Firefox Account

You can create an account or sign in directly on https://accounts.firefox.com, but you almost certainly want to start by using an account-attached service such as Firefox Sync or Firefox Hello.

More information is available on Mozilla's support site.

Integrating with Firefox Accounts

Developing a service that needs Firefox Accounts authentication? Head on over to the Firefox Accounts portal on MDN for a description of the system, how it works, and how to plug into it.

Note that all services integrating with Firefox Accounts require approval (and access credentials) from Mozilla. We are not yet offering Firefox Accounts authentication to third-party reliers on the web.

Links:

People and Places

These fine folks are the globally distributed team at the core of Firefox Accounts development, and will be happy to help answer any questions you might have:

We meet regularly to triage bugs and make grand plans for the future. Anyone is welcome to join us in the following forums:

Code

We mostly follow a micro-services architecture, with each component of the system being developed in a separate repository. The main components fit together like so:

High-level architecture diagram showing relationships between different FxA services

Most repositories are available via GitHub.

You can read more about the details of our development process.

Core Servers and Libraries

fxa-content-server

The Content Server hosts static assets (HTML, JavaScript, CSS, etc.) that support user interactions with Firefox Accounts. The responsibilities of the Content Server include:

  • hosting a JavaScript library that supports interactions with the Auth Server
  • hosting login and create account pages
  • hosting password reset pages
  • hosting landing pages for email verification links
  • hosting UI pages for the OAuth login flow

Links:

Interaction with the Firefox Accounts authentication and OAuth APIs is done via a JavaScript client library. In addition to communicating with the backend servers, it also performs local key stretching (PBKDF2 and scrypt) on the user's password before it's used in the API. It is hosted by the Content Server. This library is called fxa-js-client and was at one time called "Gherkin".

fxa-js-client

Links:

fxa-auth-server

fxa-oauth-server

  • The OAuth Server provides an HTTP API that:
    • accepts BrowserID assertions from the auth-server as authentication
    • implements a standard OAuth2 token-granting flow
  • Links:

fxa-profile-server

A server to provide common profile-related data for a Firefox Account, such as name, avatar, location, age, gender, etc.

fxa-auth-db-mysql

Database service that includes the database API, as well as MySQL and Memory backends.

fxa-customs-server

  • FxA uses the Customs Server to detect and mitigate fraud & abuse.
  • Deployment: currently pulled in by the auth server as an npm dependency

Other

Deployments

For detailed server and deployment information see this MDN page.

Resources

Bugs

Most of our work takes place on GitHub, and we use waffle.io to provide an overview of bug status and activity:

If you have found a bug in FxA, please file it via the dashboard above.

There is also a "Core/FxAccounts" bugzilla component that covers the accounts code inside Firefox itself, and a "Server: Firefox Accounts" component for when FxA code interacts with parts of Mozilla that operate out of bugzilla:

How To

Detailed Stack Diagrams
