3:41 a.m.
hello,
while looking at AGJS-122 and the possibility to add an authentication adapter which is
based on Mozilla's Persona sign-in system, I was thinking of the following API:
// Construct an AeroGear.Authentication.adapters.Persona
var persona = AeroGear.Auth({
name: 'persona',
type: 'Persona',
settings: {
verificationEndpoint: "http://127.0.0.1:3000/verify"
}
}).modules.persona;
// use login to initiate the Mozilla's Persona authentication procedure. login enables
the BrowserID and generates a signed assertion which contains the user's email
address
// on assertion generation call the verification service
persona.login({
onAssertion: function ( assertion ) {
// the verification API receives the assertion and the audience (our website URL)
as parameters
// for security reasons there must be an intermediate service between the client
and the verification API. the reason for which we want the intermediate service
// is that we want to ensure that the audience parameter is not hacked. I was
thinking that it is better to avoid adding the persona.verify call inside our adapter
// since this way we would force the user to create the intermediate service
according our implementation. That's why the following line exists:
persona.verify( { assertion: assertion }, { success: onSuccessVerification, error:
onFailedVerification } );
},
error: onLoginError
});
// logout
persona.logout( onLogout );
I have added a working example in:
https://github.com/tolis-e/aerogear-js-persona-authentication-poc
and a first implementation sample: https://github.com/aerogear/aerogear-js/pull/100
In order you'd like to try the working example on Android emulator, change lines:
https://github.com/tolis-e/aerogear-js-persona-authentication-poc/blob/ma...
and
https://github.com/tolis-e/aerogear-js-persona-authentication-poc/blob/ma...
to use host 10.0.2.2
and open the http://10.0.2.2:3000/persona-test.html page on the Android browser
any thoughts, suggestions?
7:32 a.m.
sounds cool, i'll take a look
On Jan 22, 2014, at 4:41 AM, Apostolos Emmanouilidis <aemmanou(a)redhat.com> wrote:
hello,
while looking at AGJS-122 and the possibility to add an authentication adapter which is
based on Mozilla's Persona sign-in system, I was thinking of the following API:
// Construct an AeroGear.Authentication.adapters.Persona
var persona = AeroGear.Auth({
name: 'persona',
type: 'Persona',
settings: {
verificationEndpoint: "http://127.0.0.1:3000/verify"
}
}).modules.persona;
// use login to initiate the Mozilla's Persona authentication procedure. login
enables the BrowserID and generates a signed assertion which contains the user's email
address
// on assertion generation call the verification service
persona.login({
onAssertion: function ( assertion ) {
for consistency, i would probably call
this callback 'success'
// the verification API receives the assertion and the
audience (our website URL) as parameters
// for security reasons there must be an intermediate service between the client
and the verification API. the reason for which we want the intermediate service
// is that we want to ensure that the audience parameter is not hacked. I was
thinking that it is better to avoid adding the persona.verify call inside our adapter
// since this way we would force the user to create the intermediate service
according our implementation. That's why the following line exists:
persona.verify( { assertion: assertion }, { success: onSuccessVerification, error:
onFailedVerification } );
},
error: onLoginError
});
// logout
persona.logout( onLogout );
i know for the REST adapter we also have an "enroll" method, not sure if that
makes sense for this one. I haven't really looked at the Persona thing to much, just
a shiny object that i saw and created a JIRA
I have added a working example in:
https://github.com/tolis-e/aerogear-js-persona-authentication-poc
and a first implementation sample: https://github.com/aerogear/aerogear-js/pull/100
In order you'd like to try the working example on Android emulator, change lines:
https://github.com/tolis-e/aerogear-js-persona-authentication-poc/blob/ma...
and
https://github.com/tolis-e/aerogear-js-persona-authentication-poc/blob/ma...
to use host 10.0.2.2
and open the http://10.0.2.2:3000/persona-test.html page on the Android browser
any thoughts, suggestions?
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
9:30 a.m.
I have created a new branch which contains an example using the
navigator.id watch-request methods instead of the get method which is
used in the master branch and added session support to the server [1].
The AeroGear persona adapter API still needs many improvements and
redesign :)
What worries me about Mozilla's Persona sign-in system is that even if
you sign out with Persona, you should remember to explicitly sign out of
your personal email account as well.
Otherwise the next person who will sit over a shared computer, will be
able to to sign in to the Persona service without entering a password
[2]. I don't know if the lesson is, to never share your computer :)
[1]:
https://github.com/tolis-e/aerogear-js-persona-authentication-poc/tree/pe...
[2]: https://support.mozilla.org/el/kb/signing-out-using-persona
On Wed, 2014-01-22 at 08:32 -0500, Lucas Holmquist wrote:
sounds cool, i'll take a look
On Jan 22, 2014, at 4:41 AM, Apostolos Emmanouilidis <aemmanou(a)redhat.com> wrote:
> hello,
>
> while looking at AGJS-122 and the possibility to add an authentication adapter which
is based on Mozilla's Persona sign-in system, I was thinking of the following API:
>
> // Construct an AeroGear.Authentication.adapters.Persona
> var persona = AeroGear.Auth({
> name: 'persona',
> type: 'Persona',
> settings: {
> verificationEndpoint: "http://127.0.0.1:3000/verify"
> }
> }).modules.persona;
>
> // use login to initiate the Mozilla's Persona authentication procedure. login
enables the BrowserID and generates a signed assertion which contains the user's email
address
> // on assertion generation call the verification service
> persona.login({
> onAssertion: function ( assertion ) {
for consistency, i would probably call this callback 'success'
> // the verification API receives the assertion and the audience (our website
URL) as parameters
> // for security reasons there must be an intermediate service between the
client and the verification API. the reason for which we want the intermediate service
> // is that we want to ensure that the audience parameter is not hacked. I was
thinking that it is better to avoid adding the persona.verify call inside our adapter
> // since this way we would force the user to create the intermediate service
according our implementation. That's why the following line exists:
> persona.verify( { assertion: assertion }, { success: onSuccessVerification,
error: onFailedVerification } );
> },
> error: onLoginError
> });
>
> // logout
> persona.logout( onLogout );
i know for the REST adapter we also have an "enroll" method, not sure if that
makes sense for this one. I haven't really looked at the Persona thing to much, just
a shiny object that i saw and created a JIRA
>
> I have added a working example in:
https://github.com/tolis-e/aerogear-js-persona-authentication-poc
> and a first implementation sample: https://github.com/aerogear/aerogear-js/pull/100
>
> In order you'd like to try the working example on Android emulator, change
lines:
>
https://github.com/tolis-e/aerogear-js-persona-authentication-poc/blob/ma...
> and
>
https://github.com/tolis-e/aerogear-js-persona-authentication-poc/blob/ma...
> to use host 10.0.2.2
> and open the http://10.0.2.2:3000/persona-test.html page on the Android browser
>
>
> any thoughts, suggestions?
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
4006
days inactive
4008
days old
2 comments
2 participants
participants (2)
-
Apostolos Emmanouilidis -
Lucas Holmquist