Query parameters are used to pass data from the relier to Firefox Accounts.
Specify the OAuth client_id of the relier being signed in to.
When authenticating a user for OAuth.
Specifies whether the content server prompts for permissions consent. Only applicable for trusted relying parties.
Untrusted relying parties always show the prompt.
consent- Show the permissions prompt if any additional permissions are required. Only applicable fortrustedrelying parties. Untrusted relying parties always show the prompt.none- Require no user interaction if the user is signed in. Only applicable for authorized relying parties that are not requesting keys. An error is returned to the RP for all others. See the prompt=none doc for more info.
When authenticating a user for OAuth.
Which URI should a user be redirected back to upon completion of the OAuth transaction.
When authenticating a user for OAuth.
Specify the OAuth scope requested.
profile
When authenticating a user for OAuth.
Specify an OAuth state token.
When authenticating a user with OAuth.
Specifies the behavior of users sent to /. As of December 2019, the only supported
action is email and force_auth. Both signin and signup act like email.
Specifying action=email causes the "email-first" flow where unauthenticated users are
first asked to enter their email address w/o a password. If an account exists for the
address, the user is asked to login, if no account exists, the user is asked to create
an account.
emailsignin(DEPRECATED, useemail)signup(DEPRECATED, useemail)force_auth
When authenticating a user
Force which Firefox release channel should be installed
after redirecting from /m/:signinCode.
betanightlyrelease
- /m/:signinCode
Force a country to be used when testing the SMS feature.
ATAUBEDEDEDKESFRGBITLUNLROUS
If they user arrived at Firefox Accounts from within Firefox browser chrome, specify where in Firefox the user came from.
If an experiment is running at the entrypoint, set these properties to the name of the experiment and the variation that the user is part of.
Universal
Specify which non-OAuth service a user is signing in to.
sync
Only available if context equals fx_desktop_v3, fx_fennec_v1, or fx_ios_v1
Specify a profile field to make editable.
avatar
If Firefox Accounts is opened to /settings and a profile field should be made editable.
- /settings
Specify an alternate context in which Firefox Accounts is being run, if not as a standard web page.
fx_desktop_v3- Firefox Accounts is being used to sign in to Sync on Firefox Desktop using WebChannels. Used to add thesyncPreferencesNotificationcapabilityfx_fennec_v1- Firefox Accounts is being used to sign in to Sync on Firefox for Android using WebChannels.fx_ios_v1- Firefox Accounts is being used to sign in to Sync on Firefox for iOS using CustomEvents.
When used on /signin, /oauth/signin, /signup, or /oauth/signup, suggest a user to sign in. If set to the string blank, an empty sign in form will be displayed and no suggested accounts will appear.
When specified at /force_auth, the user will be forced to sign in as the specified email. If an account does not exist for the specified email, the user will be unable to sign in.
If the user's email address is already known.
MUST be specified when using force_auth, either via ?action=force_auth in the OAuth flow, or browsing directly to /force_auth for Sync.
The Google Analytics utm_campaign field. Will be passed back to the relier
when authentication completes.
Universal
The Google Analytics utm_content field. Will be passed back to the relier
when authentication completes.
Universal
The Google Analytics utm_medium field. Will be passed back to the relier
when authentication completes.
Universal
The Google Analytics utm_source field. Will be passed back to the relier
when authentication completes.
Universal
The Google Analytics utm_term field. Will be passed back to the relier
when authentication completes.
Universal
Used in the verification flows to specify the verification code.
Should not be used by relying parties.
Used in two cases:
- By the verification flows to specify the user id of the user being verified.
- By relying parties when loading a settings page to specify which account should be used.
Relying parties who send users to a settings page to e.g., set an avatar, can pass a uid to ensure users with multiple accounts update the avatar for the correct account.
Used by functional tests to indicate the browser is being automated.
truefalse(default)
Used by functional tests to synthesize localStorage being disabled.
01
Should not be used by relying parties. Should only be used by functional tests.
Force a particular AB test.
emailFirst- Should the user go through the email-first flow?sendSms- Allow users to send an SMS containing a Firefox Mobile installation link
Force the user into a particular AB test experiment group.
control- default behavior.treatment- new behavior.signinCodes- a second treatment group, only used for thesendSmsexperiment. When sending an SMS, the install link contains a signinCode that helps the user sign in more easily on the second device.
Used to skip the confirmation form to reset a password
true(default)false
Should not be used by relying parties. Should only be used for accounts that must be reset.
Allows you to override the default email that a reset password is hashed with.
- user's current primary email (default)
After a user has changed their primary email you need to hash with the original account email if they perform a reset password.
truefalse(default)
- /settings/emails