Submitted by toniher on
Since its beginning I liked Persona (also known as BrowserID), because it:
- technically supports a more decentralised Internet
- makes authentication easier for users
Shame on me, only just a few weeks ago I found time to play with this. As a proof of concept, I prepared an Express application that connects to MySQL so I could have a better understanding about how this authentication system actually works in practice (from a developer point of view).
You can find the code here: Express Persona MySQL Example.
The application is essentially based on Express Persona authentication module, but it separates the client part from the server side and adds a MySQL layer. So, instead of NodeJS Express for the server side, we could also use any other language, let's say Perl Mojolicious, but at the same time continuing to use the same code for the client webapp.
An example MySQL dump and an Apache virtual host configuration is provided as well (the latter for proxying requests from the client to the server and for ensuring 'same origin policy' is respected). We must not forget that Persona takes care only about authentication, so account creation must be handled apart.
One thing that can help when designing an application/service is knowing that custom Persona URLs can also be used. For instance, in the client code: /login/persona/verify
is forwarded to http://localhost:4646/persona/verify
(via Apache proxy) and this latter URL can also be further customised thanks to the Express-persona module (verifyPath
optional parameter).
On the other hand, as a reference, the magic at the client side is done by navigator.id.watch.
In the slides below Alina details a bit more (in Spanish) about Persona and how to deploy the code I comment:
Hope this helps to get more people to try Persona!