[aerogear-dev] aerogear-js Mozilla's Persona authentication adapter
Lucas Holmquist
lholmqui at redhat.com
Wed Jan 22 08:32:31 EST 2014
sounds cool, i'll take a look
On Jan 22, 2014, at 4:41 AM, Apostolos Emmanouilidis <aemmanou at redhat.com> wrote:
> hello,
>
> while looking at AGJS-122 and the possibility to add an authentication adapter which is based on Mozilla's Persona sign-in system, I was thinking of the following API:
>
> // Construct an AeroGear.Authentication.adapters.Persona
> var persona = AeroGear.Auth({
> name: 'persona',
> type: 'Persona',
> settings: {
> verificationEndpoint: "http://127.0.0.1:3000/verify"
> }
> }).modules.persona;
>
> // use login to initiate the Mozilla's Persona authentication procedure. login enables the BrowserID and generates a signed assertion which contains the user's email address
> // on assertion generation call the verification service
> persona.login({
> onAssertion: function ( assertion ) {
for consistency, i would probably call this callback 'success'
> // the verification API receives the assertion and the audience (our website URL) as parameters
> // for security reasons there must be an intermediate service between the client and the verification API. the reason for which we want the intermediate service
> // is that we want to ensure that the audience parameter is not hacked. I was thinking that it is better to avoid adding the persona.verify call inside our adapter
> // since this way we would force the user to create the intermediate service according our implementation. That's why the following line exists:
> persona.verify( { assertion: assertion }, { success: onSuccessVerification, error: onFailedVerification } );
> },
> error: onLoginError
> });
>
> // logout
> persona.logout( onLogout );
i know for the REST adapter we also have an "enroll" method, not sure if that makes sense for this one. I haven't really looked at the Persona thing to much, just a shiny object that i saw and created a JIRA
>
> I have added a working example in: https://github.com/tolis-e/aerogear-js-persona-authentication-poc
> and a first implementation sample: https://github.com/aerogear/aerogear-js/pull/100
>
> In order you'd like to try the working example on Android emulator, change lines:
> https://github.com/tolis-e/aerogear-js-persona-authentication-poc/blob/master/static/persona-test.html#L16
> and
> https://github.com/tolis-e/aerogear-js-persona-authentication-poc/blob/master/server.js#L29
> to use host 10.0.2.2
> and open the http://10.0.2.2:3000/persona-test.html page on the Android browser
>
>
> any thoughts, suggestions?
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
More information about the aerogear-dev
mailing list