hello,
while looking at AGJS-122 and the possibility to add an authentication adapter which is
based on Mozilla's Persona sign-in system, I was thinking of the following API:
// Construct an AeroGear.Authentication.adapters.Persona
var persona = AeroGear.Auth({
name: 'persona',
type: 'Persona',
settings: {
verificationEndpoint: "http://127.0.0.1:3000/verify"
}
}).modules.persona;
// use login to initiate the Mozilla's Persona authentication procedure. login enables
the BrowserID and generates a signed assertion which contains the user's email
address
// on assertion generation call the verification service
persona.login({
onAssertion: function ( assertion ) {
// the verification API receives the assertion and the audience (our website URL)
as parameters
// for security reasons there must be an intermediate service between the client
and the verification API. the reason for which we want the intermediate service
// is that we want to ensure that the audience parameter is not hacked. I was
thinking that it is better to avoid adding the persona.verify call inside our adapter
// since this way we would force the user to create the intermediate service
according our implementation. That's why the following line exists:
persona.verify( { assertion: assertion }, { success: onSuccessVerification, error:
onFailedVerification } );
},
error: onLoginError
});
// logout
persona.logout( onLogout );
I have added a working example in:
https://github.com/tolis-e/aerogear-js-persona-authentication-poc
and a first implementation sample:
https://github.com/aerogear/aerogear-js/pull/100
In order you'd like to try the working example on Android emulator, change lines:
https://github.com/tolis-e/aerogear-js-persona-authentication-poc/blob/ma...
and
https://github.com/tolis-e/aerogear-js-persona-authentication-poc/blob/ma...
to use host 10.0.2.2
and open the
http://10.0.2.2:3000/persona-test.html page on the Android browser
any thoughts, suggestions?