PersonaGrata

Does remote verification using Mozilla's API right now. Will add local verification when it is stable.

You MUST pass the current domain to the options parameter when using this in production or it may accept verifications from any domain.

API

remote([options])

local([options]) // Not yet implemented

• options won't matter until we have local verification
• Both return a verifier function which should be called as shown below.

verify(assertion, [options,] callback)

• assertion is the Persona assertion you get from the browser
• options should be an object providing information about the domain doing the verification

Example:

var verify = require('personagrata').remote();
 
// Assume body was already parsed by some middleware
app.post('/login', function(req, res) {
    verify(req.body.assertion, {
        proto: config.SITE_PROTOCOL, // You might be able to trust the client with this one, will be 'http' by default
        domain: config.SITE_DOMAIN, // Never trust client with this, will be 'localhost' by default
        port: config.SITE_PORT // By default, will be 80 for http and 443 for https
    }, function(err, email) {
        if(email) { /* Login */ }
        else { /* Get out! */ }
    });
});