Share your code. npm Orgs help your team discover, share, and reuse code. Create a free org »


    express-persona Build Status

    Mozilla Persona integration for Express. express-persona is designed to quickly get Persona authentication working in your Express application, while following Persona security best practices.

    Quick start

    Install using npm: npm install express-persona

    Include the module inside your Express application:

    var express = require("express"),
        app = express();
       secret: "mozillapersona"
    require("express-persona")(app, {
      audience: "http://localhost:8888" // Must match your browser's address bar 

    Include the Persona library in your web page:

    <script src=""></script>

    Add login and logout functionality to your buttons:

    document.querySelector("#login").addEventListener("click", function() {;
    }, false);
    document.querySelector("#logout").addEventListener("click", function() {;
    }, false);

    Watch for login and logout actions:{
      onlogin: function(assertion) {
        var xhr = new XMLHttpRequest();"POST", "/persona/verify", true);
        xhr.setRequestHeader("Content-Type", "application/json");
        xhr.addEventListener("loadend", function(e) {
          var data = JSON.parse(this.responseText);
          if (data && data.status === "okay") {
            console.log("You have been logged in as: " +;
        }, false);
          assertion: assertion
      onlogout: function() {
        var xhr = new XMLHttpRequest();"POST", "/persona/logout", true);
        xhr.addEventListener("loadend", function(e) {
          console.log("You have been logged out");

    By default, express-persona adds the users email address to when their email is validated.

    This library will handle 3 of 4 essential practices for [Persona security considerations] ( but you should implement CSRF protection as well. I recommend the built-in express csrf middleware.

    You can view and run complete examples in the examples directory.



    • require('express-persona') returns function(express, options)
      • express is an instance of the express server that you want to add routes to
      • options is an object. It has one required parameter, audience.

    Required options

    • audience - The URL of your express app when viewed in a browser. Must include the protocol, hostname, and port.
      • Example:,

    Optional options

    • verifyPath - The URL that clients use to verify credentials.
      • Default: /persona/verify
      • Examples: /browserid/verify, /api/verify
    • logoutPath - The URL that clients use to logout.
      • Default: /persona/logout
      • Examples: /browserid/logout, /api/logout
    • sessionKey - The session key to store the validated email in.
      • Default: email
      • Example: user, username
    • verifierURI - The URI of the Persona Remote Verification API
      • Default:
      • You probably don't want to touch this unless you have a good reason, like testing.
    • verifyResponse(error, req, res, email) - Function to generate response for verify route
      • Default: see Verify route, below, for successess and failure responses
      • error will be a string suitable for display (the "reason" attribute in the default implementation), if an error occurs
      • req, res are the request and response objects
      • email is a string containing the email, and will exist if there is not an error
    • logoutResponse(error, req, res) - Function to generate response for logout route
      • Default: see Logout route, below, for response
      • error will be a string suitable for display, if an error occurs
      • req, res are the request and response objects
    • middleware(req, res, next) - Custom middleware for logout/login routes
      • Default: none
      • req, res are the request and response objects
      • next points to the next middleware function in the chain

    Verify route

    • On success:
      "status": "okay"
      "email": ""
    • On failure
      "status": "failure"
      "reason": "request failed"

    Logout route

    • Always returns:
      "status": "okay"


    Running Tests

    Run tests using npm test from the root of the repository.


    npm i express-persona

    Downloadslast 7 days







    last publish


    • avatar