CouchDB BrowserID Plugin

Hey all,

This weekend @tilgovi and @_jhs implemented a plugin to verify assertions and manage user sessions on CouchDB.

The plugin code is here https://github.com/iriscouch/browserid_couchdb and every Couch hosted by http://iriscouch.com has the plugin enabled already.

I then took the plugin and implemented BrowserID login on my CouchDB port of Diaspora: http://monocl.es if you want to try out the login flow.

Cheers,

Max
0
Max
7/19/2011 6:46:58 AM
mozilla.dev.identity 1643 articles. 4 followers. Post Follow

4 Replies
508 Views

Similar Articles

[PageSpeed] 47

Very nice! Thanks for sending along.

Please do send us your feedback now that you've implemented BrowserID!

-Ben

On 7/18/11 11:46 PM, Max Ogden wrote:
> Hey all,
>
> This weekend @tilgovi and @_jhs implemented a plugin to verify assertions and manage user sessions on CouchDB.
>
> The plugin code is here https://github.com/iriscouch/browserid_couchdb and every Couch hosted by http://iriscouch.com has the plugin enabled already.
>
> I then took the plugin and implemented BrowserID login on my CouchDB port of Diaspora: http://monocl.es if you want to try out the login flow.
>
> Cheers,
>
> Max
> _______________________________________________
> dev-identity mailing list
> dev-identity@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-identity

0
Ben
7/19/2011 1:43:30 PM
On Jul 19, 6:43=A0am, Ben Adida <b...@adida.net> wrote:
> Very nice! Thanks for sending along.
>
> Please do send us your feedback now that you've implemented BrowserID!
>
> -Ben

Right now I'm most confused about some of the details regarding
primaries.

The current implementation has the login page send both the assertion
and the audience back to CouchDB.
If I base64 decode the assertion it seems to have a json object along
with (what I presume to be cryptographic) padding.

The "issuer" field of the JSON object says "browserid.org:443".
It's strange to me that this isn't a URI with https in front of it.
I'd much prefer if it said https://browserid.org/verify.
Has there been any talk of putting this in .well-known, or some other
way to say what service should verify?
I'd like to support other primaries.

Currently the CouchDB implementation assumes the browserid.org verify
endpoint.
I believe we assert that the audience the client sends us matches the
audience in the verification response.
I feel strange about trusting the user agent to send the audience.
Does it make sense to look at the Host header and assert it matches
the audience in the decoded assertion and the verify response? Or am I
getting too paranoid here?

Any thoughts would be greatly appreciated! It's really exciting to
have this in CouchDB, but I want to make CouchDB a primary now and
start logging in to Max's Couch with my Couch certifying my
identity :).

-Randall (@tilgovi)

>
> On 7/18/11 11:46 PM, Max Ogden wrote:
>
>
>
>
>
>
>
> > Hey all,
>
> > This weekend @tilgovi and @_jhs implemented a plugin to verify assertio=
ns and manage user sessions on CouchDB.
>
> > The plugin code is herehttps://github.com/iriscouch/browserid_couchdban=
d every Couch hosted byhttp://iriscouch.comhas the plugin enabled already.
>
> > I then took the plugin and implemented BrowserID login on my CouchDB po=
rt of Diaspora:http://monocl.esif you want to try out the login flow.
>
> > Cheers,
>
> > Max
> > _______________________________________________
> > dev-identity mailing list
> > dev-ident...@lists.mozilla.org
> >https://lists.mozilla.org/listinfo/dev-identity

0
Randall
7/19/2011 7:06:26 PM
Hi,

Is the browserid code here secure and ready for production use?

also

I can't get the example to work.

When I execute this it just hangs.
 ./push.js http://mycouch.iriscouch.com:6984/browserid

Am i missing something?


On Tuesday, July 19, 2011 2:46:58 AM UTC-4, Max Ogden wrote:
> Hey all,
> 
> This weekend @tilgovi and @_jhs implemented a plugin to verify assertions and manage user sessions on CouchDB.
> 
> The plugin code is here https://github.com/iriscouch/browserid_couchdb and every Couch hosted by http://iriscouch.com has the plugin enabled already.
> 
> I then took the plugin and implemented BrowserID login on my CouchDB port of Diaspora: http://monocl.es if you want to try out the login flow.
> 
> Cheers,
> 
> Max

0
gregorym
6/4/2012 7:01:33 PM
Hi Gregory M.,

On 6/4/12 2:01 PM, gregorym@gmail.com wrote:
> Is the browserid code here secure and ready for production use?

BrowserID itself (soon to be renamed "Persona") is secure and ready for 
production use. The fallback Identity Provider we operate at 
browserid.org is hosted in geographically redundant data centers, etc.

We didn't write the CouchDB plugin, so you'll want to contact the Iris 
Couch folks directly. From a quick glance, it looks like it's using the 
old, deprecated navigator.id.getVerifiedEmail() call, and is 
self-hosting our include.js shim.

It should work for now, but we recommend against doing both of those things.

> When I execute this it just hangs.
>   ./push.js http://mycouch.iriscouch.com:6984/browserid
>
> Am i missing something?

I'm not sure; that sounds like a problem on the Iris Couch side. You're 
probably better of asking them directly. :)

Either way, we're about to release an updated version of our API, and 
I'll make sure I contact Iris Couch and other library authors to ask 
them to support it. The move to the newer API should give us a better 
idea as to which libraries are being actively maintained.

Otherwise, let me know if you have any other questions or if I can help 
you get set up!

-Callahad
0
Dan
6/4/2012 7:56:34 PM
Reply:

Similar Artilces:

plugins for plugins?
I'm writing a plugin that needs fairly high-level control and idealy would use the results from other plugins. Are there hooks for qpsmtpd plugins to have plugins? How can I package my module so that other can use it? How do I go about distributing it? Here's what I'm doing: I run several ISPs and we allow users to forward this mail off-site. Some users foward their mail to places that have a tendency to blacklist servers they receive spam from (AOL, Comcast, others). When someone forwards their mail, they forward their spam too. For various reasons, I don'...

plugin dev
Hi, Indeed, bad documentation for plugin development... and looks like the plugin build system is broken on n*x, where other parts of the build system works just fine. I ve managed to build basic/simple examples anyway but doesn t works when testing, and no error reports... i m only interested in NPAPI atm. I am not talking about web API documentation, but a simple testcase code sample, that would just build and works. Greetz ...

BrowserID WordPress plugin
Hello, To get some attention for the BrowserID experiment I wrote a little WordPress plugin <http://wordpress.org/extend/plugins/browserid/> to login with BrowserID to any WordPress powered site. Kind regards, Marcel Please consider the environment before printing this e-mail ...

ident/p0f plugin
--=_99f9505d1a547990dca6e266f8c77935 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit I think it was discussed on list some time ago that the p0f plugin no longer worked with new versions of p0f but no one pushed the new plugin version out to the list and/or updated it in git. Attached version has been modified based on the more recent version of pofq.pl and so should work. Tom --=_99f9505d1a547990dca6e266f8c77935 Content-Transfer-Encoding: base64 Content-Type: application/octet-stream; name="p0f"; charset="UTF-8" Content-...

Merging dev-gaia and dev-b2g into dev-fxos
--001a113ce93ebce35d051e4c0c73 Content-Type: text/plain; charset=UTF-8 Hello people of Firefox OS, After a discussion we have decided that the distinction between dev-gaia and dev-b2g mailing lists is not enough to warrant maintaining two lists. So we are deprecating both in favor of dev-fxos. So if you are subscribed to one of the aforementioned lists, you will be subscribed to the new dev-fxos list and we will shortly be decommissioning dev-gaia and dev-b2g. Thanks! Michael --001a113ce93ebce35d051e4c0c73 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: qu...

Identical twins not identical
From the Vancouver Sun: http://www.vancouversun.com/health/Identical+twins+actually+identical+shocking+Canadian+research+finds/4530930/story.html Here's the text: "If you thought identical twins were identical, think again. Canadian scientists have discovered that identical twins do not have identical genes, a common assumption by researchers for more than a century, and a development that could have implications into the study of medicine and human behaviour. "That assumption has been with us since the beginning of time," said Shiva Singh, a molecular...

about:plugins (plugin enumeration)
Hi, maybe someone can help me. I'm just trying to enumerate all available plugins within Firefox. But I don't need a javascript I need a dll or other access code for Delphi (Object Pascal). I know that I can enum plugins by searching the extensions directory and parse the install.rdf for each plugin. But I'd prefere just to call about:plugins or so. My question is if there's a library function which I can call and get the result of about:plugins? Kind regards sou ----- Original Message ---- > From: "deitysou@googlemail.com" <deity...

Merging dev-gaia and dev-b2g into dev-fxos
--001a113ce93ebce35d051e4c0c73 Content-Type: text/plain; charset=UTF-8 Hello people of Firefox OS, After a discussion we have decided that the distinction between dev-gaia and dev-b2g mailing lists is not enough to warrant maintaining two lists. So we are deprecating both in favor of dev-fxos. So if you are subscribed to one of the aforementioned lists, you will be subscribed to the new dev-fxos list and we will shortly be decommissioning dev-gaia and dev-b2g. Thanks! Michael --001a113ce93ebce35d051e4c0c73 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: qu...

Plugin modules ("My::Plugin") / plugins on CPAN
--Apple-Mail-4--779114338 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Hi everyone, Some time ago there was discussion about contributors distributing plugins on CPAN. I made a change so that should be possible. I didn't do more than the most basic testing, so I didn't commit it. Feedback welcome. The patch below should apply to the latest code from the 0.3x branch [1]. After applying the patch you should be able to make a module like the following (just install it as a regular perl module) an...

Nsure Identity Manager Plugins
I cannot seem to install the plugins for identity manager. I am using iManager 2.02. It keeps failing every time I try. I also cannot install it when running the install process for identity manager on the server. Thanks for any help. Phil Goldwasser Manager, IT Broad Street Inc. pgold@broadstreet.com wrote: > I cannot seem to install the plugins for identity manager. I am using > iManager 2.02. It keeps failing every time I try. I also cannot > install it when running the install process for identity manager on > the server. > > Thanks for any help...

Primary identity authorities in BrowserID
Hi all, So how does an Identity Provider like facebook, gmail, or Yahoo! mail = become a "primary identity authority" in BrowserID anyway? I've spent some time trying to pull together all of the design = conversations we've had into a single document which proposes fairly = precise integration points and protocols for how primary support works. =20= This is a first draft, and there's at least one diagram that's not drawn = yet, but I'm ready for any and all feedback on the content. Overall = these are extremely important integration points and I&#...

Primary Identity Authorities in BrowserID #2
Based on all the feedback, I've updated and published the rough proposal = for how existing identity providers can become primary identity = authorities for BrowserID: http://lloyd.io/primary-identity-authorities-in-browserid I consider this to be a proposed starting point from which prototyping = can begin, and expect lots of changes and improvements before the = implementation lands in BrowserID proper. Thanks for the careful feedback and help (and I look forward to more), lloyd ...

SeamlessID: shifting from logins to identities... with BrowserID?
Hello! After a few discussions I had in the last months with also some people form Mozilla I was able to summarize the draft concept of SeamlessID in an article: http://intenseminimalism.com/2012/from-logins-to-seamless-identity-a-new-paradigm-for-the-web/ I think that BrowserID could be the right background technology and team as well with the right culture and vision to achieve that, and I think it's also well aligned with the objective of Mozilla in the Identity field. I'd love to hear any feedback you might have. :) Thanks, |D You captured the main shift =...

BrowserID dev, a wild and crazy idea
What if we put two rules on commit messages: 1. every commit message should reference an issue 2. rule #1 may be broken when the fix takes less time to author and test = than the issue would take to open. Benefits? QA would get a better more thorough changelog each week, and = would be able to more thoroughly and precisely target areas of change. Detriments? Devs might have some annoying administrative work. But as = I look at the last weeks worth of changes, it's mostly the case that = this is what we're doing anyway (it's possible to correlate each commit = to a...

Web resources about - CouchDB BrowserID Plugin - mozilla.dev.identity

BrowserID: A Better Way to Sign In
BrowserID Home How it works Developers Sign In Sign Out New to BrowserID? Learn more Account Manager Your Email Addresses edit done Password ...

mozilla/browserid · GitHub
browserid - Persona is a secure, distributed, and easy to use identification system.

Explained: BrowserID: what it is and why you should care
BrowserID: what it is and why you should care BrowserID is a method, presented in July 2011, to use email addresses to prove an identity and ...

Mozilla unveils a new ‘Persona’ for its BrowserID easy login technology
Mozilla has announced Persona, a new public-facing name for its BrowserID technology, which aims to make it easier to sign in to websites and ...

Mozilla Corporation - LinkedIn
Welcome to the company profile of Mozilla Corporation on LinkedIn. Mozilla is a thriving community of intelligent, principled and passionate ...

BrowserID and me
... and User Data at Mozilla. This is an awesome and challenging responsibility, and I’ve been busy. When I took on this new responsibility, BrowserID ...

Black Duck Software Media Coverage
Read more about how Black Duck is helping organizations make better software faster and for less money by harnessing the power of open source ...

Google Paying Mozilla $900M in Search Deal: ATD
Google will pay Mozilla $300 million a year for the next three years in a search deal it renewed earlier this week. The deal will give Mozilla ...

Haskellers
Haskell Language English Japanese Spanish Hebrew Russian Ukrainian The meeting place for professional Haskell programmers Overview Groups Find ...

Identity at Mozilla
This past year we’ve been building the core of a Web-scale identity system. We’ve been calling it BrowserID: our name both for the technology1 ...

Resources last updated: 11/23/2015 4:21:06 AM