- Deciders: Vijay Budhram, Wil Clouser, Stéphanie Ouillon, Frida Kiriakos
- Date: 2022-02-03
To help improve Firefox account adoption we want to give users flexibility when it comes to signing up for an account. To do this we plan on adding support for a limited number of clients that will allow them to create a Firefox account from a Google account.
This ADR covers the options we looked at to integrate with Google Auth.
- Future maintenance
- Ease of integration
- User experience
- Security implications
To add support for Google authentication we have a couple of options
- Load Google’s Identity Services framework directly on FxA domain to implement the authentication
- Load Google’s Identity Services framework on a subdomain of FxA
- Implement Google Oauth2 authorization code flow (does not require 3rd party library)
At this current time we decided to go with Option 3 (Implement Google Oauth2 authorization code flow).
While Option 2 seems like the best compromise between user experience and security, it is more complex and could potentially introduce more bugs. In the future, we can try to prototype this approach.
Pros:
- Very easy to implement
- Google will be deprecating older framework to support this
- Library has several new features such as one-tap signin that greatly reduce friction for creating an account
Cons:
- Can not audit library
- No versioning (we can not see when changes occur)
- No official or clear channel of communication for any updates
- Little visibility on what is going on in the code
- If an attacker exploits a vulnerability in the lib to abuse the flow they might be able to login into an account
Pros:
- Reduces risk of account being abused since library is loaded on a different domain
- Library has several new features such as one-tap signin that greatly reduce friction for creating an account
Cons:
- Requires shuffling around our
email-first
page which could be complex and introduce bugs in our code and metrics - Can not audit library
- No versioning (we can not see when changes occur)
- No official or clear channel of communication for any updates
- Little visibility on what is going on in the code
Pros:
- We don't load any third party javascript
- Google uses oauth and openid standards so the implementation is straightforward
- We can audit our code and push fixes as needed
- User experience would be the same as Pocket Google Auth flow
Cons:
- Would not have one-tap signin and user experience would not be as good as using the Google library
- We can introduce bugs into our code