Blog Post: Painless Authentication with Pyramid and BrowserID

JR Conlin jconlin at
Thu Oct 20 08:18:45 PDT 2011

Hi Ryan,

I took a quick look at the code and I've got a couple of questions:

1) in repoze/who/plugins/browserid/
I see you're using regular expressions to parse the returned assertion. 
The assertion is in javascript. Why not use
return json.loads(value) ?

2) On a somewhat like note, I see you're validating the cert against instead of doing local validation. Will that be coming later?

Looks pretty cool, other than that. Thanks!

On 10/20/2011 2:18 AM, Ryan Kelly wrote:
> Hi All,
>    I've just knocked up a quick blog post about some of the auth work
> I've been doing:
>      Painless Authentication with Pyramid and BrowserID:
>    Any thoughts or feedback appreciated.  It's not hooked into the rest
> of the site yet, so if I've said anything wrong or controversial I can
> still revert it :-)
>    I've pretty much completed the splitting-out of the code into
> independent packages, and the things described in the post have no
> dependencies on mozsvc or any of our internal code.  Tomorrow I'll start
> building up some more detailed documentation in the wiki.
>    Cheers,
>       Ryan
> _______________________________________________
> Services-dev mailing list
> Services-dev at

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Services-dev mailing list