[aerogear-dev] aerogear-js Mozilla's Persona authentication adapter
Apostolos Emmanouilidis
aemmanou at redhat.com
Wed Jan 22 04:41:05 EST 2014
hello,
while looking at AGJS-122 and the possibility to add an authentication adapter which is based on Mozilla's Persona sign-in system, I was thinking of the following API:
// Construct an AeroGear.Authentication.adapters.Persona
var persona = AeroGear.Auth({
name: 'persona',
type: 'Persona',
settings: {
verificationEndpoint: "http://127.0.0.1:3000/verify"
}
}).modules.persona;
// use login to initiate the Mozilla's Persona authentication procedure. login enables the BrowserID and generates a signed assertion which contains the user's email address
// on assertion generation call the verification service
persona.login({
onAssertion: function ( assertion ) {
// the verification API receives the assertion and the audience (our website URL) as parameters
// for security reasons there must be an intermediate service between the client and the verification API. the reason for which we want the intermediate service
// is that we want to ensure that the audience parameter is not hacked. I was thinking that it is better to avoid adding the persona.verify call inside our adapter
// since this way we would force the user to create the intermediate service according our implementation. That's why the following line exists:
persona.verify( { assertion: assertion }, { success: onSuccessVerification, error: onFailedVerification } );
},
error: onLoginError
});
// logout
persona.logout( onLogout );
I have added a working example in: https://github.com/tolis-e/aerogear-js-persona-authentication-poc
and a first implementation sample: https://github.com/aerogear/aerogear-js/pull/100
In order you'd like to try the working example on Android emulator, change lines:
https://github.com/tolis-e/aerogear-js-persona-authentication-poc/blob/master/static/persona-test.html#L16
and
https://github.com/tolis-e/aerogear-js-persona-authentication-poc/blob/master/server.js#L29
to use host 10.0.2.2
and open the http://10.0.2.2:3000/persona-test.html page on the Android browser
any thoughts, suggestions?
More information about the aerogear-dev
mailing list