<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/4.6.4">
</HEAD>
<BODY>
I have created a new branch which contains an example using the navigator.id watch-request methods instead of the get method which is used in the master branch and added session support to the server [1].<BR>
The AeroGear persona adapter API still needs many improvements and redesign :)<BR>
<BR>
What worries me about Mozilla's Persona sign-in system is that even if you sign out with Persona, you should remember to explicitly sign out of your personal email account as well.<BR>
Otherwise the next person who will sit over a shared computer, will be able to to sign in to the Persona service without entering a password [2]. I don't know if the lesson is, to never share your computer :)<BR>
<BR>
[1]: <A HREF="https://github.com/tolis-e/aerogear-js-persona-authentication-poc/tree/persona_watch-request">https://github.com/tolis-e/aerogear-js-persona-authentication-poc/tree/persona_watch-request</A><BR>
[2]: <A HREF="https://support.mozilla.org/el/kb/signing-out-using-persona">https://support.mozilla.org/el/kb/signing-out-using-persona</A><BR>
<BR>
On Wed, 2014-01-22 at 08:32 -0500, Lucas Holmquist wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
sounds cool, i'll take a look
On Jan 22, 2014, at 4:41 AM, Apostolos Emmanouilidis <<A HREF="mailto:aemmanou@redhat.com">aemmanou@redhat.com</A>> wrote:
<FONT COLOR="#737373">> hello,</FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> while looking at AGJS-122 and the possibility to add an authentication adapter which is based on Mozilla's Persona sign-in system, I was thinking of the following API:</FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> // Construct an AeroGear.Authentication.adapters.Persona </FONT>
<FONT COLOR="#737373">> var persona = AeroGear.Auth({ </FONT>
<FONT COLOR="#737373">> name: 'persona',</FONT>
<FONT COLOR="#737373">> type: 'Persona',</FONT>
<FONT COLOR="#737373">> settings: { </FONT>
<FONT COLOR="#737373">> verificationEndpoint: "<A HREF="http://127.0.0.1:3000/verify">http://127.0.0.1:3000/verify</A>"</FONT>
<FONT COLOR="#737373">> } </FONT>
<FONT COLOR="#737373">> }).modules.persona;</FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> // use login to initiate the Mozilla's Persona authentication procedure. login enables the BrowserID and generates a signed assertion which contains the user's email address</FONT>
<FONT COLOR="#737373">> // on assertion generation call the verification service</FONT>
<FONT COLOR="#737373">> persona.login({</FONT>
<FONT COLOR="#737373">> onAssertion: function ( assertion ) {</FONT>
for consistency, i would probably call this callback 'success'
<FONT COLOR="#737373">> // the verification API receives the assertion and the audience (our website URL) as parameters</FONT>
<FONT COLOR="#737373">> // for security reasons there must be an intermediate service between the client and the verification API. the reason for which we want the intermediate service</FONT>
<FONT COLOR="#737373">> // is that we want to ensure that the audience parameter is not hacked. I was thinking that it is better to avoid adding the persona.verify call inside our adapter</FONT>
<FONT COLOR="#737373">> // since this way we would force the user to create the intermediate service according our implementation. That's why the following line exists: </FONT>
<FONT COLOR="#737373">> persona.verify( { assertion: assertion }, { success: onSuccessVerification, error: onFailedVerification } ); </FONT>
<FONT COLOR="#737373">> }, </FONT>
<FONT COLOR="#737373">> error: onLoginError </FONT>
<FONT COLOR="#737373">> });</FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> // logout</FONT>
<FONT COLOR="#737373">> persona.logout( onLogout );</FONT>
i know for the REST adapter we also have an "enroll" method, not sure if that makes sense for this one. I haven't really looked at the Persona thing to much, just a shiny object that i saw and created a JIRA
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> I have added a working example in: <A HREF="https://github.com/tolis-e/aerogear-js-persona-authentication-poc">https://github.com/tolis-e/aerogear-js-persona-authentication-poc</A></FONT>
<FONT COLOR="#737373">> and a first implementation sample: <A HREF="https://github.com/aerogear/aerogear-js/pull/100">https://github.com/aerogear/aerogear-js/pull/100</A></FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> In order you'd like to try the working example on Android emulator, change lines:</FONT>
<FONT COLOR="#737373">> <A HREF="https://github.com/tolis-e/aerogear-js-persona-authentication-poc/blob/master/static/persona-test.html#L16">https://github.com/tolis-e/aerogear-js-persona-authentication-poc/blob/master/static/persona-test.html#L16</A></FONT>
<FONT COLOR="#737373">> and</FONT>
<FONT COLOR="#737373">> <A HREF="https://github.com/tolis-e/aerogear-js-persona-authentication-poc/blob/master/server.js#L29">https://github.com/tolis-e/aerogear-js-persona-authentication-poc/blob/master/server.js#L29</A></FONT>
<FONT COLOR="#737373">> to use host 10.0.2.2</FONT>
<FONT COLOR="#737373">> and open the <A HREF="http://10.0.2.2:3000/persona-test.html">http://10.0.2.2:3000/persona-test.html</A> page on the Android browser</FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> </FONT>
<FONT COLOR="#737373">> any thoughts, suggestions? </FONT>
<FONT COLOR="#737373">> _______________________________________________</FONT>
<FONT COLOR="#737373">> aerogear-dev mailing list</FONT>
<FONT COLOR="#737373">> <A HREF="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</A></FONT>
<FONT COLOR="#737373">> <A HREF="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</A></FONT>
_______________________________________________
aerogear-dev mailing list
<A HREF="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</A>
<A HREF="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</A>
</PRE>
</BLOCKQUOTE>
<BR>
</BODY>
</HTML>