personagrata

Small verifier for Persona (aka BrowserID)

PersonaGrata

Does remote verification using Mozilla's API right now. Will add local verification when it is stable.

You MUST pass the current domain to the options parameter when using this in production or it may accept verifications from any domain.

  • options won't matter until we have local verification
  • Both return a verifier function which should be called as shown below.
  • assertion is the Persona assertion you get from the browser
  • options should be an object providing information about the domain doing the verification
var verify = require('personagrata').remote();
 
// Assume body was already parsed by some middleware 
app.post('/login', function(reqres) {
    verify(req.body.assertion, {
        proto: config.SITE_PROTOCOL, // You might be able to trust the client with this one, will be 'http' by default 
        domain: config.SITE_DOMAIN, // Never trust client with this, will be 'localhost' by default 
        port: config.SITE_PORT // By default, will be 80 for http and 443 for https 
    }, function(erremail) {
        if(email) { /* Login */ }
        else { /* Get out! */ }
    });
});