Thursday, November 10, 2011

HTML 5 BrowserID


Mozilla came up with this great idea that users should not worry about username and passwords when they go to any websites. In these days, everybody has many passwords and it is not easy to track which username/password you use for which web site. Some web sites like your old password some of them believe it sucks and forces you to change it.

 I have been watching BrowserID, and I like the idea. Here how it works.
To Enable Browser ID. You need to download Include.js library in your site and add the following line to your application.

<script src="https://browserid.org/include.js" type="text/javascript"></script>

To Identify the User
Now, rather than creating username and password textboxes, we can use the Browser ID API when your user clicks on sign-in button. Here is the jscript for that.

<script>
        navigator.id.getVerifiedEmail(function (assertion) {
            if (assertion) {
                // This code will be invoked once the user has successfully
                // selected an email address they control to sign in with.
            } else {
                // something went wrong!  the user isn't logged in.
            }
        });
    </script>


Verify the User's Identity

We need to verify the assertion is authentic, and extract our users email address from it. We can do that by using BrowserID's free verification service.

We need to send a request to https://browserid.org/verify with two POST parameters:
  • assertion : the encoded assertion
  • audience : The hostname and optional port of our site
After this, the verifier will check the assertion was meant for our site and is valid. Here how we do that.

$ curl -d "assertion=<ASSERTION>&audience=https://mysite.com" "https://browserid.org/verify"
{
    "status""okay",
    "email""hsavran@example.com",
    "audience""https://h-savran@blogspot.com",
    "expires": 1308859352261,
    "issuer""browserid.org"
}

According to Mozilla, now BrowserID remembers the email you use.. More infomation

No comments:

Post a Comment