[aerogear-dev] aerogear-js Mozilla's Persona authentication adapter

Apostolos Emmanouilidis aemmanou at redhat.com
Wed Jan 22 04:41:05 EST 2014


hello,

while looking at AGJS-122 and the possibility to add an authentication adapter which is based on Mozilla's Persona sign-in system, I was thinking of the following API:

// Construct an AeroGear.Authentication.adapters.Persona 
var persona = AeroGear.Auth({                         
        name: 'persona',
        type: 'Persona',
        settings: {                             
            verificationEndpoint: "http://127.0.0.1:3000/verify"
        }                     
}).modules.persona;

// use login to initiate the Mozilla's Persona authentication procedure. login enables the BrowserID and generates a signed assertion which contains the user's email address
// on assertion generation call the verification service
 persona.login({
    onAssertion: function ( assertion ) {
        // the verification API receives the assertion and the audience (our website URL) as parameters
        // for security reasons there must be an intermediate service between the client and the verification API. the reason for which we want the intermediate service
        // is that we want to ensure that the audience parameter is not hacked. I was thinking that it is better to avoid adding the persona.verify call inside our adapter
        // since this way we would force the user to create the intermediate service according our implementation. That's why the following line exists:                                 
        persona.verify( { assertion: assertion }, { success: onSuccessVerification, error: onFailedVerification } );                             
    },                             
    error: onLoginError                         
});

// logout
persona.logout( onLogout );

I have added a working example in: https://github.com/tolis-e/aerogear-js-persona-authentication-poc
and a first implementation sample: https://github.com/aerogear/aerogear-js/pull/100

In order you'd like to try the working example on Android emulator, change lines:
https://github.com/tolis-e/aerogear-js-persona-authentication-poc/blob/master/static/persona-test.html#L16
and
https://github.com/tolis-e/aerogear-js-persona-authentication-poc/blob/master/server.js#L29
to use host 10.0.2.2
and open the http://10.0.2.2:3000/persona-test.html page on the Android browser


any thoughts, suggestions? 


More information about the aerogear-dev mailing list