
Writing A Persona Identity Provider - johns
https://lukasa.co.uk/2013/04/Writing_A_Persona_Identity_Provider/
======
ajtaylor
First, thank you for the extensive write up.

My knowledge of Persona's functionality is only passing, but could it take the
place of 3rd party social sign in providers like Gigya & Janrain? That is, if
Google, Facebook, etc provided Persona endpoints could I use them to login
people to $work's website? We're currently using one of the social sign in
providers (after trying another) and haven't been entirely happy about the
experience. All we really need is a way to authenticate a user and associate
them with a user ID in our local database. In a perfect world, I wouldn't have
to care whether they were a local, Google+, FB, Twitter, etc. user.

~~~
callahad
> _could [Persona] take the place of 3rd party social sign in providers like
> Gigya & Janrain?_

Ideally, yes. One button, any user. No mandatory centralized / trusted third
parties.

> _if Google, Facebook, etc provided Persona endpoints could I use them to
> login people to $work's website?_

You can actually do that _right now._ Persona includes a temporary centralized
fallback that lets it work for any user, at any domain, right now. The only
constraint is that the domain either needs to support Persona (as per the
article), or the user needs to be able to receive email at that domain.

> _All we really need is a way to authenticate a user and associate them with
> a user ID in our local database._

Persona is a Very Good Fit for this use case. If you're already storing email
addresses for your users, you can implement Persona without making a single
schema change. It should take you about an hour to get a proof of concept
working.

I gave a 30 minute talk (+15 minutes Q&A) about Persona at PyCon last month:
<http://pyvideo.org/video/1764/>. You might find it helpful in understanding
the what, why, and how. I'm also more than happy to help you out personally --
contact info is in my HN profile. Please reach out to me if you have any
questions.

~~~
ajtaylor
We're finishing up work on a new website design, but I'm very interested in
pursuing this idea. I'll watch the talk you linked during lunch time today. If
I could save the business a 5 figure license fee with an hour's time... it
seems like a no brainer to me!

For the moment, we're a Gigya customer, but even the base license isn't cheap,
and we don't use (or anticipate using) most of the functionality these 3rd party
providers offer. We do use some of the other addons, but even those won't stay
around forever either.

------
dochtman
I'll refer to my IdP implementation in Python again:

<https://bitbucket.org/djc/persona-totp>

It's 147 lines of Python (sloccount) and 155 lines of HTML (wc -l). No
dependencies, other than the stdlib.

------
ozten
Great rundown of all the steps.

If you're looking for some node code as a starting point, this is Node +
MySQL.

<https://github.com/ozten/hostedpersona>

------
ColinWright
Hmm:

    This Connection is Untrusted

    You have asked Firefox to connect securely to
    lukasa.co.uk, but we can't confirm that your
    connection is secure.

    Normally, when you try to connect securely,
    sites will present trusted identification to
    prove that you are going to the right place.
    However, this site's identity can't be verified.

~~~
Lukasa
I can't reproduce this in Chrome or Firefox. Is this still happening for you?

~~~
manuletroll
I've had the same problem on my windows phone. I think it's an issue with
StartSSL certs that are not trusted as much as others.

~~~
Lukasa
That seems likely. If you can't add StartSSL to your chain of trust, the same
page can be accessed over HTTP instead of HTTPS.

~~~
ColinWright
Noted - thanks.

------
drivebyacct2
Thank you for being a good web citizen. Times two. First for being a "good
person" and using Persona instead of some "innovative" home-rolled email
solution or just using Facebook/Twitter auth. And more importantly for the
thought-filled write-up. Should be useful.