fxa-oauth-console's Introduction

Firefox Accounts OAuth Credential Management Dashboard

Development

git clone https://github.com/mozilla/fxa-oauth-console
cd fxa-oauth-console
npm install

Run development server locally:

npm start

Docker Dev

Build and run the Docker container with:

  • docker-compose build
  • docker-compose up

Changing environment configuration.

You can customize the servers that the app communicates with by passing them in the docker-compose file.

environment:
  PROFILE_URI: https://127.0.0.1:9010/v1
  OAUTH_INTERNAL_URI: https://127.0.0.1:9010/v1
  OAUTH_URI: https://127.0.0.1:1111/profile/v1

You will need a local Firefox Accounts stack to log in to the console. Use fxa-local-dev to get started.

Run tests: npm test

License

MPL v2.0

fxa-oauth-console's People

Contributors

clouserw, dependabot[bot], seanmonstar, udaraweerasinghege, vladikoff


fxa-oauth-console's Issues

[node8] test warning on ember under node@8

Running npm install && npm test, the tests pass, but with a key warning:

WARNING: WARNING: Node v8.9.0 has currently not been tested against Ember CLI and may result in unexpected behaviour. version: 2.4.0

cannot create a new client (oauth hapi validation rejecting payload with null secret)

I updated stable with the fix from mozilla/fxa-oauth-server#223 and was trying to use the console at https://oauth-stable.dev.lcip.org/console.

On either stable or https://oauth-latest.dev.lcip.org/console, when I try to create a client (POST /v1/client), I get a response of '400 Bad Request' for 'Invalid request parameter' naming 'secret' as the problem key.

The request body is:

{
  "name":"jrgm test",
  "redirect_uri":"http://127.0.0.1/",
  "image_uri":"http://127.0.0.1/",
  "secret":null,
  "can_grant":false,
  "whitelisted":true
}

transient failures building fxa-oauth-console on fxa-dev box

I've been doing work to update queues for fxa-dev, and in the course of that, have noticed these sorts of failures building fxa-oauth-console. A second try usually works.

NOTIFIED: [oauth-console | install fxa-oauth-console dependencies] ************ 
ok: [ec2-52-88-228-159.us-west-2.compute.amazonaws.com]

NOTIFIED: [oauth-console | build fxa-oauth-console assets] ******************** 
failed: [ec2-52-88-228-159.us-west-2.compute.amazonaws.com] => {"changed": true, "cmd": ["node_modules/.bin/ember", "build", "--environment\
=production"], "delta": "0:00:02.793024", "end": "2015-10-20 22:33:30.429085", "rc": 1, "start": "2015-10-20 22:33:27.636061", "warnings": \
[]}
stdout: 
Missing npm packages:
Package: ember-cli-qunit
  * Specified: 1.0.0
  * Installed: (not installed)

Package: ember-cli-release
  * Specified: 0.2.3
  * Installed: (not installed)

Package: ember-cli-sri
  * Specified: 1.0.3
  * Installed: (not installed)

Package: ember-cli-uglify
  * Specified: 1.2.0
  * Installed: (not installed)

Package: grunt
  * Specified: ^0.4.5
  * Installed: (not installed)
..f
...

Add icons to buttons

Actions such as "Create new client" / "Delete" should have icons next to them.

Create client without image_uri responds with error but no UI

Steps to reproduce:

  1. Go to create a new client (https://oauth-stable.dev.lcip.org/console/client/register)
  2. Omit the Image URI

Expected Results:

  • Create the client without an image
    or
  • Show an error message that image is required

Actual Results:
Nothing, and this is in the log:

{"code":400,"errno":109,"error":"Bad Request","message":"Invalid request parameter","info":"https://github.com/mozilla/fxa-oauth-server/blob/master/docs/api.md#errors","validation":{"source":"payload","keys":["image_uri"]}}

MVP UX

  • show list of registered clients
  • add client
  • edit client
  • delete client
  • get OAuth token for client requested scopes for the console "client"

Ship OAuth management console to production

Meta bug for shipping this management tool to production.

  • Get CLI in Ops hands
  • Implement Client Owners
  • Deploy Client Owners to production
  • Add owners to current clients (@ckarlof, @ckolos, @jrgm?)
  • Remove prod guard from OAuth Server
  • behind a mozilla-only security wall of some kind (e.g. VPN only access)

redirect_uri should be trimmed for whitespace

I copy/pasted a redirect_uri into the OAuth console last week and was later informed by the developer the redirect_uri had an unexpected space at the end when redirecting back to their site. Sure enough, I went back into the console and a space was at the end of the redirect_uri. redirect_uri should be trimmed to remove leading and trailing whitespace.
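
An added example (not code from fxa-oauth-console or fxa-oauth-server) of client-side handling for three of the client-registration reports above: the "secret":null rejection, the image_uri 400 that never reaches the UI, and the untrimmed redirect_uri. Field names come from the request body quoted on this page; the function names and the rules applied (omit null fields, require image_uri, accept only http(s) URLs) are assumptions inferred from those reports, not the server's schema.

```javascript
// Added example. Rules below are assumptions inferred from the 400 responses
// quoted in the issues on this page, not the OAuth server's actual schema.
const URI_FIELDS = ['redirect_uri', 'image_uri'];

// Normalize a registration form before POST /v1/client and collect
// problems so the UI can show them instead of failing silently.
function prepareClientPayload(form) {
  const payload = {};
  const errors = [];
  for (const [key, value] of Object.entries(form)) {
    if (value === null || value === undefined) continue; // never send "secret": null
    const isUri = URI_FIELDS.includes(key) && typeof value === 'string';
    payload[key] = isUri ? value.trim() : value; // strip pasted whitespace from URIs only
  }
  for (const field of URI_FIELDS) {
    if (!payload[field]) {
      errors.push(`${field} is required`);
      delete payload[field];
      continue;
    }
    let parsed = null;
    try {
      parsed = new URL(payload[field]);
    } catch (e) {
      // not parseable as an absolute URL; reported below
    }
    if (!parsed || !['http:', 'https:'].includes(parsed.protocol)) {
      errors.push(`${field} must be an absolute http(s) URL`);
    }
  }
  return { payload, errors };
}

// Turn the server's validation error body into text the UI can display.
function describeServerError(body) {
  const keys = (body.validation && body.validation.keys) || [];
  if (keys.length) return `${body.message}: ${keys.join(', ')}`;
  return body.message || body.error || 'Unknown error';
}

// Constructed sample: the request body from the issue above, with a pasted trailing space.
const sample = { name: 'jrgm test', redirect_uri: 'http://127.0.0.1/ ',
  image_uri: 'http://127.0.0.1/', secret: null, can_grant: false, whitelisted: true };
console.log(prepareClientPayload(sample));
```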

A few outdated modules

Steps to reproduce

$ npm run outdated

> [email protected] outdated /Users/pdehaan/dev/github/fxa-oauth-console
> npm outdated --depth 0
Package              Current         Wanted          Latest            Location
bluebird             2.3.11          2.3.11          2.6.4             bluebird
body-parser          1.10.0          1.10.0          1.10.1            body-parser
broccoli-asset-rev   2.0.0           2.0.0           2.0.1             broccoli-asset-rev
convict              0.6.1           0.4.2           0.6.1             convict
ember-cli            0.1.7           0.1.4           0.1.7             ember-cli
ember-cli-qunit      0.1.1           0.1.1           0.1.2             ember-cli-qunit
ember-data           1.0.0-beta.12   1.0.0-beta.12   1.0.0-beta.14.1   ember-data
express              4.10.6          4.10.6          4.10.8            express
glob                 4.3.1           4.3.1           4.3.4             glob
load-grunt-tasks     1.0.0           1.0.0           2.0.0             load-grunt-tasks
nodemon              1.2.1           1.3.0-7         1.2.1             nodemon
selenium-standalone  2.44.0          2.44.0          3.0.3             selenium-standalone
xmlhttprequest       1.5.1           git             git               xmlhttprequest

A few of these look a bit "stale", notably these:

$ npm shrinkwrap --dev
wrote npm-shrinkwrap.json

$ nsp audit-shrinkwrap
Name          Installed   Patched  Vulnerable Dependency
qs              0.6.6     >= 1.x   fxa-oauth-console > bower > bower-registry-client > request
qs              0.6.6     >= 1.x   fxa-oauth-console > bower > bower-registry-client > request
validator       1.5.1    >=3.22.1  fxa-oauth-console > convict
validator       1.5.1     >=2.0.0  fxa-oauth-console > convict
qs              0.6.6     >= 1.x   fxa-oauth-console > ember-cli > bower > bower-registry-client > request
qs              0.6.6     >= 1.x   fxa-oauth-console > ember-cli > bower > bower-registry-client > request
serve-static    1.7.1     >=1.7.2  fxa-oauth-console > ember-cli > express
connect         2.7.2     >=2.8.1  fxa-oauth-console > ember-cli > testem > express
qs              0.5.1     >= 1.x   fxa-oauth-console > ember-cli > testem > express > connect
qs              0.5.1     >= 1.x   fxa-oauth-console > ember-cli > testem > express > connect
send            0.1.0    >= 0.8.4  fxa-oauth-console > ember-cli > testem > express

If I bump convict and ember-cli to their latest versions, and re-shrinkwrap and re-run nsp, then that only leaves these results:

Name          Installed   Patched  Vulnerable Dependency
qs              0.6.6     >= 1.x   fxa-oauth-console > bower > bower-registry-client > request
qs              0.6.6     >= 1.x   fxa-oauth-console > bower > bower-registry-client > request
qs              0.6.6     >= 1.x   fxa-oauth-console > ember-cli > bower > bower-registry-client > request
qs              0.6.6     >= 1.x   fxa-oauth-console > ember-cli > bower > bower-registry-client > request

I'd file a Bower bug to update that pesky (and vulnerable) module, but... bower/bower#1452

Also (just to make this the worst bug report of all times), I noticed that we have ember-cli listed as a dependency AND a devDependency. Both use "ember-cli": "0.1.4", so it isn't a huge deal, but it did blow up my attempt at rerunning shrinkwrap after running npm i ember-cli@latest -S since I was then trying to install 0.1.4 and 0.1.7 and shrinkwrap really didn't like that. Manually removing it as a devDependency and then rerunning npm shrinkwrap --dev worked like a champ though.

Admin accounts?

Not sure what the admin interface would be, but it could be to manage scopes.

New client ID isn't working with django-allauth

@jwhitlock apparently got this working for his instance of web-platform-compat, but here's what I tried ...

Steps to reproduce:

  1. Create a brand new client at https://oauth-stable.dev.lcip.org/console/clients (mine is https://oauth-stable.dev.lcip.org/console/client/fa35c5aaaa8aebc7)
  2. Copy the FxA credentials into django-allauth db
  3. Try to sign in with Firefox Account

Expected results:
Sign in works

Actual results:
Generic "Bad request" page: https://accounts.firefox.com/400.html?message=Unknown%20client&errno=101&namespace=oauth

When I look at my client in the console, I notice "Whitelisted Client: (Currently required for all clients)" is un-checked. When I check it and click "Update", it doesn't seem to save?

Login infinite redirect

I tried to access the console at https://oauth-latest.dev.lcip.org/console/
I tried a few different passwords
I got "Client has sent too many requests" error
I clicked "Forgot password"
I reset my password
I went back to https://oauth-latest.dev.lcip.org/console/login
I entered my new password

Expected results:
https://oauth-latest.dev.lcip.org/console/

Actual results:
I bounce thru /auth/v1/account/login, /console/, /console/oauth/logout, and I land back on /console/login

Support "sharing" created clients with team members

AMO makes changes to their OAuth clients (changes redirect uri, etc) and asked for client sharing

[10:11:53] vladikoff: is there a way generally to get access to clients other people have created? It would be better if multiple people could change it rather than having to create a new one each time someone leaves / is on PTO

Can't register new client: js error

Steps to reproduce:
0. (Maybe) Stay out of the dev console for a really long time - trigger a session timeout?
0. (Maybe) Sign in to the dev console with a [email protected] email address?

  1. Go to https://oauth-stable.dev.lcip.org/console/client/register
  2. Enter values

Expected results:
Show the client secret and sample configuration

Actual results:
Big js stacktrace in console error log.
