• Stars
    star
    102
  • Rank 335,584 (Top 7 %)
  • Language
    JavaScript
  • Created over 13 years ago
  • Updated over 11 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A demonstration of how to use BrowserID.

MyFavoriteBeer.org - A BrowserID example site

This is a simple site that demonstrates how BrowserID can be used to build a better login experience for users.

Overview

BrowserID is a distributed system that allows users to use their email address as login name and password. The cryptography which allows users to prove that they own an email address without site specific passwords is described in depth in the how browserid works blog post. For website owners, there is a three step tutorial that helps you integrate browserid as fast as possible.

This repository goes into greater depth than the tutorial, and provides a full working example of a small but complete website that uses BrowserID for authentication. This code is running at myfavoritebeer.org.

The Implementation

MyFavoriteBeer is a simple site that allows a user to log in and store a single string of information, their favorite beer. The site consists of a static HTML frontend (code under static/), and a simple web services API implemented by a node.js server (code under server/).

The API

The web services api exported by the node.js server consists of the following:

  • /api/whoami - reports whether the current session is authenticated
  • /api/login - accepts a browserid assertion to allow the user to authenticate
  • /api/get - returns the current user's favorite beer
  • /api/set - sets the current user's favorite beer
  • /api/logout - clears the current session

Further documentation of these calls is available in the source code.

Authentication

The most interesting part of this example is how authentication occurs. Client code includes the browserid javascript include file, and upon a user clicking the sign-in button, navigator.id.getVerifiedEmail() is invoked. BrowserID returns a string which contains an assertion. This assertion is passed up to the myfavoritebeer server via the /api/login api. The server verifies this assertion using the free verifier service by POSTing to https://browserid.org/verify. Finally, upon successful verification, the server sets a cookie which represents an authenticated session.

Sessions

For simplicities' sake, "sessions" in this example are implemented using a third party library which encrypts session data using a private key and stores this data in a cookie on the user's browser. This approach makes it so the server doesn't need to store any data to implement sessions and keeps the example simple.

Persistence

We have to store the beer preferences somewhere. mongodb is used for this purpose and a very simple database abstraction layer exists in db.js. The details of interacting with the database aren't important, but if you're curious have a look in db.js.

Run it!

To run the example code locally:

  1. clone this repository
  2. install node (0.6.5+) and npm.
  3. npm install
  4. PORT=8080 npm start

Now open http://127.0.0.1:8080 up in your web browser.

NOTE: You'll see warnings about how no database is configured. Don't worry about it. The code is designed to run with or without a configured database so that it's easier to play with. The only downside of running without a database is that your server won't remember anything. Oh well.

Deployment

The code is designed to run on heroku's node.js hosting services, and the only way this affects the implementation is via environment variable naming choices and the presence of a Procfile which tells heroku how to start the server.

If you'd like to deploy this service to heroku yourself, all you'd have to do is:

  1. set up a heroku account (and run through their tutorial)
  2. create a heroku instance running nodejs 0.6: heroku create --stack cedar --buildpack http://github.com/hakobera/heroku-buildpack-nodejs.git <appname>
  3. add a free mongolab instance (for persistence): heroku addons:add mongolab:starter
  4. set your app to bind to all available ips: heroku config:add IP_ADDRESS=0.0.0.0
  5. set a random string to encrypt cookies: heroku config:add SEKRET=<long random string>
  6. push the code up to heroku: git push heroku master

NOTE: While the sample is targeted at heroku, with minimal code modifications it should run under the hosting environment of your preference.

Credit

Concept + Design(kinda): http://myfavouritesandwich.org/ Art: http://www.flickr.com/photos/bitzi/236037776/

More Repositories

1

node-memwatch

A NodeJS library to keep an eye on your memory usage, and discover and isolate leaks.
C++
2,482
star
2

yajl

A fast streaming JSON parsing library in C.
C
2,116
star
3

JSONSelect

CSS-like selectors for JSON
JavaScript
1,590
star
4

node-toobusy

Build Node.JS servers that don't fall over.
JavaScript
1,304
star
5

node-compute-cluster

NodeJS library for distributing computation across multiple processes.
JavaScript
444
star
6

orderly

The reference implementation of orderly: a schema language for JSON.
C
220
star
7

easylzma

An easy to use, tiny, public domain, C wrapper library around Igor Pavlov's work that can be used to compress and extract lzma files.
C
119
star
8

connect-etagify

etagify is connect middleware to add ETag headers to cachable but non-static content.
JavaScript
49
star
9

ircloggr

A system for producing web accessible IRC logs, in node.js.
JavaScript
34
star
10

connect-select

Server side filtering of JSON responses using JSONSelect
JavaScript
33
star
11

ass

A node.js code coverage library which aggregates stats cross process.
JavaScript
22
star
12

JSONSelectTests

Conformance tests for the JSONSelect selector language
22
star
13

persona.js

Use Persona for authentication, the easy way
22
star
14

node-browserid

A nodejs library that verifies BrowserID assertions.
JavaScript
21
star
15

wnram

Go
20
star
16

urlparse.js

URL parsing in javascript with validation, normalization, and matching.
JavaScript
17
star
17

fully_loaded_node

A presentation for http://node.ph which explores scaling CPU bound Node.JS services.
16
star
18

docstract

Parses documentation out of javascript source and outputs JSON.
Python
15
star
19

awsbox-helloworld

A hello world application that demonstrates deploying on awsbox
JavaScript
9
star
20

goj

A fast JSON scanner in go.
Go
8
star
21

lloyd.io

lloyd's blog and website
HTML
8
star
22

blobastorus

A happy little open source dinosaur that offers free itty bitty bits of json cloud storage for webby html5y apps.
JavaScript
8
star
23

myfavoritebooze.org

Another example site that uses BrowserID.
JavaScript
8
star
24

node-cpusage

CPU Sage is a NodeJS library that let's you query the current processes cpu usage.
JavaScript
8
star
25

node.js-persona-example

A minimalist Persona Integration example in Node.JS
JavaScript
7
star
26

yajl_vs_rapidjson

quick and dirty performance comparison of two json parsers.
C++
6
star
27

bakery

A ports system for software projects. Add software by adding "recipes". Build software by placing an "order".
C
6
star
28

gobbledygook

A localization debugging tool that translates strings into legible gobbledygook. In javaScript.
JavaScript
6
star
29

littlepass

(EXPERIMENT) Awesome machine generated passwords for little ones, worldwide?
Python
5
star
30

connect-browserid

nothing to see here.
JavaScript
5
star
31

awsbox-socketio-example

An example of running websockets via socket.io on top of awsbox
JavaScript
4
star
32

notathing

a thing that's not a thing, and probably will never be a thing.
JavaScript
4
star
33

node_leak

tracking down a memory leak in node?
JavaScript
4
star
34

wtfpl

say less.
4
star
35

popcornjs.org

a static clone of popcornjs.org that I can hack on
JavaScript
4
star
36

myfavoriteshow.org

An example site that uses BrowserID to let users sign up for a mailing list.
JavaScript
4
star
37

scrapify

the thing that does the stuff!
Python
3
star
38

browserid-keysigner

JavaScript
3
star
39

mephitidae

JavaScript
3
star
40

throwdown

help, I can't stop creating github repositories!
3
star
41

nice.js

JavaScript
2
star
42

lloyd.github.com

my page
2
star
43

restwork

(EXPERIMENTAL) A minimalist framework for building awesome REST APIs in node.js servers.
JavaScript
2
star
44

postMessagePerf

A little exploration of postMessage throughput
2
star
45

leery

a thing that does some stuff, but not yet.
JavaScript
2
star
46

mozhacks.org

A meta-hack
JavaScript
2
star
47

photovat

nothing to see here.
Python
2
star
48

dotPlan

lloyd's .plan. inspired by pfinette, in turn inspired by John Carmack
2
star
49

chromeless-unplugged

wip
JavaScript
2
star
50

jsga.me

there is nothing to see here.
JavaScript
2
star
51

browserid_ncfs

nothing to see here.
2
star
52

test_travis_ci

a test repo for broken IRC notifications to some servers in travis-ci
2
star
53

connect-postprocess

Experimental middleware for connect that helps intercept and mutate responses.
JavaScript
2
star
54

crash-mozillians

a hacked up lil command line tool to help debug sasl-browserid. not really interesting.
JavaScript
2
star
55

persona-preso

A presentation of persona for DenverJS
JavaScript
1
star
56

cloudwatch2statsd

a dirty hack, maybe general later.
JavaScript
1
star
57

connect-minify

EXPERIMENTAL: lightweight connect middleware for automagic on-the fly combination and minification of resources
JavaScript
1
star
58

testidp.org

JavaScript
1
star
59

i-am-a-dissenter

1
star
60

servedir

a trivial static webserver to serve a directory
Go
1
star
61

mehmeh

C
1
star
62

simulated_infobars

code experiment in simulating infobars in chrome extensions
JavaScript
1
star
63

personatra.in

A simple web based calendar which helps people understand the phases of Persona "trains"
JavaScript
1
star
64

prioritize.io

nothing to see here.
JavaScript
1
star