onepw protocol · mozilla/fxa-auth-server Wiki
▻https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol
Firefox Accounts/Sync Protocol
This document describes the protocol used by FxA clients (including FF Sync clients) and the key-server implemented in ►https://github.com/mozilla/fxa-auth-server . Clients use this protocol to prove their knowledge of the account password, for which they receive a sessionToken, which can be used to obtain a signed BrowserID certificate (which can be used to convince subsequent relying parties that they control the account). This protocol is also used to retrieve a pair of encryption keys (kA and kB) which will be used to encrypt Sync data.