Difference between revisions of "Persona"

From Sudo Room
Jump to navigation Jump to search
(adds apache module link)
(updates persona notes)
Line 11: Line 11:
Interesting, there's a drop-in apache module for persona-based auth:
Interesting, there's a drop-in apache module for persona-based auth:
* https://github.com/mozilla/mod_authnz_persona
* https://github.com/mozilla/mod_authnz_persona
==Implementations==
===WordPress===
Using [http://wordpress.org/plugins/browserid/ BrowserID plugin].
===MediaWiki===
Using [https://www.mediawiki.org/wiki/Extension:Persona Persona extension].
===SeltzerCRM===
====Persona Auth Module====
A dead-simple verification plugin that allows users to authenticate using an email address via persona. Uses MIT-licensed verification library [https://github.com/fmarier/auth-browserid Auth-BrowserID] and based on SeltzerCRM's [https://github.com/elplatt/seltzer/blob/master/crm/modules/user/user.inc.php User Module], both are dependencies.
=====pseudo code=====
# include BrowserID.php verification library class (gpl-compatible Mozilla license)
# create alternative Persona-based login form
# ensure login form shows up in the right places
# write handler to catch the POST login request, perform an assertion, add user id to session data, and respond in affirmative
# shouldn't need to write handler to catch the GET logout request, existing logout should simply clear session data
=====notes=====
Relevant sections of code:
https://github.com/elplatt/seltzer/blob/master/crm/modules/user/user.inc.php#L467-L498
https://github.com/elplatt/seltzer/blob/master/crm/modules/user/user.inc.php#L623-L687
Helpful thoughts:
Confirms idea of how this could work http://stackoverflow.com/a/18930982
Demonstrated hack example in php http://ubuntuforums.org/archive/index.php/t-2126891.html
Libraries:
Looks like I want to use this: https://github.com/fmarier/auth-browserid namely:
https://github.com/fmarier/auth-browserid/blob/master/docs/demo.php

Revision as of 17:18, 1 May 2014

There aren't many decentralized authentication solutions out there. Namely, there are few alternatives to OpenID, and Mozilla Persona seems to be the most modern and most viable. Persona is based on the underlying BrowserID protocol. Further, Mozilla currently runs an Identity Provider (IdP) service at https://login.persona.org/ but one can run an IdP themselves, allowing for decentralization.

In terms of practical usage for sudo room, there are a sufficient number of libraries and plugins available for integrating and developing with lots of different applications and environments. This blog post from 2013 explains some more about how these libraries can be used.

Interesting, there's a drop-in apache module for persona-based auth:

Implementations

WordPress

Using BrowserID plugin.

MediaWiki

Using Persona extension.

SeltzerCRM

Persona Auth Module

A dead-simple verification plugin that allows users to authenticate using an email address via persona. Uses MIT-licensed verification library Auth-BrowserID and based on SeltzerCRM's User Module, both are dependencies.

pseudo code
  1. include BrowserID.php verification library class (gpl-compatible Mozilla license)
  2. create alternative Persona-based login form
  3. ensure login form shows up in the right places
  4. write handler to catch the POST login request, perform an assertion, add user id to session data, and respond in affirmative
  5. shouldn't need to write handler to catch the GET logout request, existing logout should simply clear session data
notes

Relevant sections of code: https://github.com/elplatt/seltzer/blob/master/crm/modules/user/user.inc.php#L467-L498 https://github.com/elplatt/seltzer/blob/master/crm/modules/user/user.inc.php#L623-L687

Helpful thoughts: Confirms idea of how this could work http://stackoverflow.com/a/18930982 Demonstrated hack example in php http://ubuntuforums.org/archive/index.php/t-2126891.html

Libraries: Looks like I want to use this: https://github.com/fmarier/auth-browserid namely: https://github.com/fmarier/auth-browserid/blob/master/docs/demo.php