Browser ID

After gathering feedback from our users and our User Experience team, we’re excited to announce that we’ve implemented several important new features in Persona. These features include showing your website’s name and logo in the login dialog, a ... [More] streamlined experience for first-time Persona users, and greater security thanks to global logout from any device. In order to make these features a reality, we had to change our JavaScript API. Working with the community on our public mailing list, we’ve come up with a brand new way to use Persona on your site. We call it the “Observer API,” and we believe it’s the future of Persona. We’ll be announcing a “Beta” release of Persona before the end of September, at which point the Observer API will become the recommended means of integrating Persona into your website. We do not plan to deprecate the previous API (navigator.id.get()) at this time. Nevertheless, we’re committed to working with our community to get everyone up and running with—and reaping the benefits of—the Observer API. How Does It Work? The Observer API consists of just three functions: At the time your page loads, you watch() for login/logout notifications from Persona. Whenever a user clicks the login button on your site, you request() a verified email from your user, which opens the Persona dialog. Finally, when a user logs out of your site, you tell Persona by calling logout(). This new structure is a great foundation for future refinements and improvements to the Persona experience: we couldn’t have delivered all of the aforementioned features without it! You can find out more by reading our documentation on MDN. Where Can I Get Help Upgrading My Site? As always, start with the docs. If you’re still stuck, drop us a line on our mailing list or stop by our IRC channel: #identity on irc.mozilla.org. Let us know know what you think by tweeting with the hashtag #mozPersona! [Less]

After gathering feedback from our users and our User Experience team, we’re excited to announce that we’ve implemented several important new features in Persona. These features include showing your website’s name and logo in the login dialog, a ... [More] streamlined experience for first-time Persona users, and greater security thanks to global logout from any device. In order to make these features a reality, we had to change our JavaScript API. Working with the community on our public mailing list, we’ve come up with a brand new way to use Persona on your site. We call it the “Observer API,” and we believe it’s the future of Persona. We’ll be announcing a “Beta” release of Persona before the end of September, at which point the Observer API will become the recommended means of integrating Persona into your website. We do not plan to deprecate the previous API (navigator.id.get()) at this time. Nevertheless, we’re committed to working with our community to get everyone up and running with—and reaping the benefits of—the Observer API. How Does It Work? The Observer API consists of just three functions: At the time your page loads, you watch() for login/logout notifications from Persona. Whenever a user clicks the login button on your site, you request() a verified email from your user, which opens the Persona dialog. Finally, when a user logs out of your site, you tell Persona by calling logout(). This new structure is a great foundation for future refinements and improvements to the Persona experience: we couldn’t have delivered all of the aforementioned features without it! You can find out more by reading our documentation on MDN. Where Can I Get Help Upgrading My Site? As always, start with the docs. If you’re still stuck, drop us a line on our mailing list or stop by our IRC channel: #identity on irc.mozilla.org. Let us know know what you think by tweeting with the hashtag #mozPersona! [Less]

After gathering feedback from our users and our User Experience team, we’re excited to announce that we’ve implemented several important new features in Persona. These features include showing your website’s name and logo in the login dialog, a ... [More] streamlined experience for first-time Persona users, and greater security thanks to global logout from any device. In order to make these features a reality, we had to change our JavaScript API. Working with the community on our public mailing list, we’ve come up with a brand new way to use Persona on your site. We call it the “Observer API,” and we believe it’s the future of Persona. We’ll be announcing a “Beta” release of Persona before the end of September, at which point the Observer API will become the recommended means of integrating Persona into your website. We do not plan to deprecate the previous API (navigator.id.get()) at this time. Nevertheless, we’re committed to working with our community to get everyone up and running with—and reaping the benefits of—the Observer API. How Does It Work? The Observer API consists of just three functions: At the time your page loads, you watch() for login/logout notifications from Persona. Whenever a user clicks the login button on your site, you request() a verified email from your user, which opens the Persona dialog. Finally, when a user logs out of your site, you tell Persona by calling logout(). This new structure is a great foundation for future refinements and improvements to the Persona experience: we couldn’t have delivered all of the aforementioned features without it! You can find out more by reading our documentation on MDN. Where Can I Get Help Upgrading My Site? As always, start with the docs. If you’re still stuck, drop us a line on our mailing list or stop by our IRC channel: #identity on irc.mozilla.org. Let us know know what you think by tweeting with the hashtag #mozPersona! [Less]

The Persona team has always been interested in optimizing the user experience for developers and users alike. Some time ago we identified one area where we could improve: the first-time sign-up flow. We’ve been hard at work making this process as ... [More] smooth as possible, read on to find out how! The Challenge The Persona sign-up flow is designed to leverage the user’s existing accounts and passwords if their email provider supports our protocol. For unsupported providers, we verify identities by sending a confirmation email. This flow potentially causes the user to leave the destination site to check their email, an action that can make it difficult to navigate back. The Goal - Increase Completion Rates The goal is simple - increase the completion rate. A completed user is one who has verified their email address, is viewing the destination site, and is authenticated to that site. We previously experimented with redirecting users back to the destination site, but until recently there was no way to sign the user in. The new Observer API makes this possible - everything is now lined up to complete the flow. The Observer API makes user verification seamless. Once a user completes* the Persona verification they are redirected to the destination site and automatically signed in.  Information about the Observer API can be found on MDN. Simplifying the Persona Sign Up Flow from Shane Tomlinson on Vimeo. Redirect Verified Users to Alternate Endpoints The new returnTo option to navigator.id.request allows a site to send users to an alternate endpoint after address verification.returnTo is an absolute path, meaning it *must* start with “/”. Neither relative paths nor alternate domains can be specified. navigator.id.request({ ... returnTo: '/pathToReturnTo.html', ...}); Support for returnTo and the other post-verification updates are live in production now. Check out the docs, give it a try, and let us know what you think. You can contact us through our mailing list, the #identity IRC channel on freenode, or on Twitter with “#browserid”. === * Only users who verify their email address using the same browser they used to start the signup will be redirected and signed in. [Less]

The Persona team has always been interested in optimizing the user experience for developers and users alike. Some time ago we identified one area where we could improve: the first-time sign-up flow. We’ve been hard at work making this process as ... [More] smooth as possible, read on to find out how! The Challenge The Persona sign-up flow is designed to leverage the user’s existing accounts and passwords if their email provider supports our protocol. For unsupported providers, we verify identities by sending a confirmation email. This flow potentially causes the user to leave the destination site to check their email, an action that can make it difficult to navigate back. The Goal - Increase Completion Rates The goal is simple - increase the completion rate. A completed user is one who has verified their email address, is viewing the destination site, and is authenticated to that site. We previously experimented with redirecting users back to the destination site, but until recently there was no way to sign the user in. The new Observer API makes this possible - everything is now lined up to complete the flow. The Observer API makes user verification seamless. Once a user completes* the Persona verification they are redirected to the destination site and automatically signed in.  Information about the Observer API can be found on MDN. Simplifying the Persona Sign Up Flow from Shane Tomlinson on Vimeo. Redirect Verified Users to Alternate Endpoints The new returnTo option to navigator.id.request allows a site to send users to an alternate endpoint after address verification.returnTo is an absolute path, meaning it *must* start with “/”. Neither relative paths nor alternate domains can be specified. navigator.id.request({ ... returnTo: '/pathToReturnTo.html', ...}); Support for returnTo and the other post-verification updates are live in production now. Check out the docs, give it a try, and let us know what you think. You can contact us through our mailing list, the #identity IRC channel on irc.mozilla.org, or on Twitter with “#browserid”. === * Only users who verify their email address using the same browser they used to start the signup will be redirected and signed in. [Less]

The Persona team has always been interested in optimizing the user experience for developers and users alike. Some time ago we identified one area where we could improve: the first-time sign-up flow. We’ve been hard at work making this process as ... [More] smooth as possible, read on to find out how! The Challenge The Persona sign-up flow is designed to leverage the user’s existing accounts and passwords if their email provider supports our protocol. For unsupported providers, we verify identities by sending a confirmation email. This flow potentially causes the user to leave the destination site to check their email, an action that can make it difficult to navigate back. The Goal - Increase Completion Rates The goal is simple - increase the completion rate. A completed user is one who has verified their email address, is viewing the destination site, and is authenticated to that site. We previously experimented with redirecting users back to the destination site, but until recently there was no way to sign the user in. The new Observer API makes this possible - everything is now lined up to complete the flow. The Observer API makes user verification seamless. Once a user completes* the Persona verification they are redirected to the destination site and automatically signed in.  Information about the Observer API can be found on MDN. Simplifying the Persona Sign Up Flow from Shane Tomlinson on Vimeo. Redirect Verified Users to Alternate Endpoints The new returnTo option to navigator.id.request allows a site to send users to an alternate endpoint after address verification.returnTo is an absolute path, meaning it *must* start with “/”. Neither relative paths nor alternate domains can be specified. navigator.id.request({ ... returnTo: '/pathToReturnTo.html', ...}); Support for returnTo and the other post-verification updates are live in production now. Check out the docs, give it a try, and let us know what you think. You can contact us through our mailing list, the #identity IRC channel on irc.mozilla.org, or on Twitter with “#browserid”. === * Only users who verify their email address using the same browser they used to start the signup will be redirected and signed in. [Less]

One of the features we’ve added to Persona’s new Observer API is the ability for websites that use Persona (“Relying Parties”) to add their name and logo to the login screen. To do this, just add a siteName and/or siteLogo property to your ... [More] navigator.id.request() call. The default login screen only shows the website’s domain name, as illustrated below: By adding siteName, you can put additional text in the right-hand RP area: navigator.id.request({ siteName: "Tahoe LAFS" }); Or you can use siteLogo to add an image: navigator.id.request({ siteLogo: "/logo.png" }); You can also use both, in which case the name will appear below the logo. In all cases, the website’s domain name is displayed below the siteName and siteLogo, so the user knows for sure which site is going to receive their email address. Restrictions (Use SSL!) There are a few restrictions to be aware of: siteName must be plain text: no markup is allowed. Unicode and whitespace is ok, but keep it short or the dialog box may clip. siteLogo must be a site-relative URL with an absolute path (i.e. it must start with a ‘/’ slash). In the future, we’ll probably relax this requirement and enable absolute URLs and even data: URIs. Images larger than 100*100 pixels will be scaled down to fit. siteLogo requires SSL. The login dialog is served over HTTPS, so the logo image must also be served over HTTPS (to avoid mixed-content warnings), which means your login page (the one that calls navigator.id.request()) must be served over HTTPS too. If you try to use siteLogo from an HTTP-served page, your users will actually get an “improper usage of API” error from the Persona code. But, as a respectable RP who cares about your user’s privacy, your whole site is already being served with HTTPS, right? Right? Support for siteName and siteLogo rolled to production yesterday, so take a look at the docs and give it a spin. And let us know how it works for you, through our mailing list, the #identity IRC channel on freenode, or on Twitter with “#browserid”. [Less]

One of the features we’ve added to Persona’s new Observer API is the ability for websites that use Persona (“Relying Parties”) to add their name and logo to the login screen. To do this, just add a siteName and/or siteLogo property to your ... [More] navigator.id.request() call. The default login screen only shows the website’s domain name, as illustrated below: By adding siteName, you can put additional text in the right-hand RP area: navigator.id.request({ siteName: "Tahoe LAFS" }); Or you can use siteLogo to add an image: navigator.id.request({ siteLogo: "/logo.png" }); You can also use both, in which case the name will appear below the logo. In all cases, the website’s domain name is displayed below the siteName and siteLogo, so the user knows for sure which site is going to receive their email address. Restrictions (Use SSL!) There are a few restrictions to be aware of: siteName must be plain text: no markup is allowed. Unicode and whitespace is ok, but keep it short or the dialog box may clip. siteLogo must be a site-relative URL with an absolute path (i.e. it must start with a ‘/’ slash). In the future, we’ll probably relax this requirement and enable absolute URLs and even data: URIs. Images larger than 100*100 pixels will be scaled down to fit. siteLogo requires SSL. The login dialog is served over HTTPS, so the logo image must also be served over HTTPS (to avoid mixed-content warnings), which means your login page (the one that calls navigator.id.request()) must be served over HTTPS too. If you try to use siteLogo from an HTTP-served page, your users will actually get an “improper usage of API” error from the Persona code. But, as a respectable RP who cares about your user’s privacy, your whole site is already being served with HTTPS, right? Right? Support for siteName and siteLogo rolled to production yesterday, so take a look at the docs and give it a spin. And let us know how it works for you, through our mailing list, the #identity IRC channel on irc.mozilla.org, or on Twitter with “#browserid”. [Less]

One of the features we’ve added to Persona’s new Observer API is the ability for websites that use Persona (“Relying Parties”) to add their name and logo to the login screen. To do this, just add a siteName and/or siteLogo property to your ... [More] navigator.id.request() call. The default login screen only shows the website’s domain name, as illustrated below: By adding siteName, you can put additional text in the right-hand RP area: navigator.id.request({ siteName: "Tahoe LAFS" }); Or you can use siteLogo to add an image: navigator.id.request({ siteLogo: "/logo.png" }); You can also use both, in which case the name will appear below the logo. In all cases, the website’s domain name is displayed below the siteName and siteLogo, so the user knows for sure which site is going to receive their email address. Restrictions (Use SSL!) There are a few restrictions to be aware of: siteName must be plain text: no markup is allowed. Unicode and whitespace is ok, but keep it short or the dialog box may clip. siteLogo must be a site-relative URL with an absolute path (i.e. it must start with a ‘/’ slash). In the future, we’ll probably relax this requirement and enable absolute URLs and even data: URIs. Images larger than 100*100 pixels will be scaled down to fit. siteLogo requires SSL. The login dialog is served over HTTPS, so the logo image must also be served over HTTPS (to avoid mixed-content warnings), which means your login page (the one that calls navigator.id.request()) must be served over HTTPS too. If you try to use siteLogo from an HTTP-served page, your users will actually get an “improper usage of API” error from the Persona code. But, as a respectable RP who cares about your user’s privacy, your whole site is already being served with HTTPS, right? Right? Support for siteName and siteLogo rolled to production yesterday, so take a look at the docs and give it a spin. And let us know how it works for you, through our mailing list, the #identity IRC channel on irc.mozilla.org, or on Twitter with “#browserid”. [Less]

One of the features we’ve added to Persona’s new Observer API is the ability for websites that use Persona (“Relying Parties”) to add their name and logo to the login screen. To do this, just add a siteName and/or siteLogo property to your ... [More] navigator.id.request() call. The default login screen only shows the website’s domain name, as illustrated below: By adding siteName, you can put additional text in the right-hand RP area: navigator.id.request({ siteName: "Tahoe LAFS" }); Or you can use siteLogo to add an image: navigator.id.request({ siteLogo: "/logo.png" }); You can also use both, in which case the name will appear below the logo. In all cases, the website’s domain name is displayed below the siteName and siteLogo, so the user knows for sure which site is going to receive their email address. Restrictions (Use SSL!) There are a few restrictions to be aware of: siteName must be plain text: no markup is allowed. Unicode and whitespace is ok, but keep it short or the dialog box may clip. siteLogo must be a site-relative URL with an absolute path (i.e. it must start with a ‘/’ slash). In the future, we’ll probably relax this requirement and enable absolute URLs and even data: URIs. Images larger than 100*100 pixels will be scaled down to fit. siteLogo requires SSL. The login dialog is served over HTTPS, so the logo image must also be served over HTTPS (to avoid mixed-content warnings), which means your login page (the one that calls navigator.id.request()) must be served over HTTPS too. If you try to use siteLogo from an HTTP-served page, your users will actually get an “improper usage of API” error from the Persona code. But, as a respectable RP who cares about your user’s privacy, your whole site is already being served with HTTPS, right? Right? Support for siteName and siteLogo rolled to production yesterday, so take a look at the docs and give it a spin. And let us know how it works for you, through our mailing list, the #identity IRC channel on irc.mozilla.org, or on Twitter with “#browserid”. [Less]