bugzilla.mozilla.org Now Supports BrowserID

You can now log in to bugzilla.mozilla.org using BrowserID, courtesy of a Bugzilla extension I wrote. To try it, log out, click the “Login” link in the header, and then click the orange “Sign in” button.

You can do this – unless, that is, you are a member of certain particularly sensitive groups. While Mozilla has great confidence in the BrowserID technology, it does not have perfect confidence in my coding ;-) Therefore, we are restricting who can log in until we get a little more experience with my extension. Eventually, it’s possible that we might go the other way and require BrowserID for certain sensitive groups, once BrowserID primaries appear with 2-factor authentication. But that’s a little way off yet.

If you visit your permissions page, you can see if you should be able to log in using BrowserID. If you are listed as a member of the “no-browser-id” group, you shouldn’t. Otherwise, you should. The no-browser-id group is currently made up of members of the following groups: admin, bz_sudoers, autoland, generic-assignees, hr, infrasec, legal, and anything with “security” in its name.

7 thoughts on “bugzilla.mozilla.org Now Supports BrowserID”

  1. Very cool, but when I try to log in I get a big warning titled Suspicious Actions:

    “It looks like you didn’t come from the right page. One reason could be that you entered the URL in the address bar of your web browser directly, which should be safe. Another reason could be that you clicked on a URL which redirected you here without your consent.

    Are you sure you want to commit these changes?”

    I’m very hesitant to hit “Yes, Confirm Changes”, even though I don’t think I’ve made any changes, and yet if I hit No, I don’t seem to be logged in. What’s the right thing to be doing here?

  2. David: that sounds like it should be a bug report, with clear steps to reproduce, and details of the URL you started at and the one you find yourself at when the error is shown. :-)

  3. It would be nice if the browserid script used defer and/or async tag on the script element, since it’s now in the header for logged-out users and waiting for a response from browserid.org blocks pageload. (Should this be a bug?)

  4. James: I wouldn’t want to use defer/async unless the BrowserID developers confirmed that it was OK and wouldn’t break anything… I agree it would be good to get to a place where this was possible. Perhaps you could take it up with them?
