thunderbird_accounts.authentication.permissions

Classes

`IsClient`()	Allows access only to Clients matching secret, host, and activeness.
`IsValidFXAWebhook`()

class thunderbird_accounts.authentication.permissions.IsClient[source]

Bases: BasePermission

Allows access only to Clients matching secret, host, and activeness.

has_permission(request, view)[source]: Return True if permission is granted, False otherwise.

class thunderbird_accounts.authentication.permissions.IsValidFXAWebhook[source]

Bases: BaseAuthentication

authenticate(request)[source]

A port of get_webhook_auth from Appointment. We don’t have a great way to test this flow since setting up FXA locally is a bit of work. But we know this auth flow does work from our time using it on Appointment.

Take in the SET from the fxa event broker and verify its authenticity with various methods according to FXA docs. (See: https://github.com/mozilla/fxa/blob/main/packages/fxa-event-broker/README.md)

Once we’ve confirmed it’s all good, we can grab the User associated with the fxa id (sub) and return that and the decoded jwt (which contains event info.)