Blog Post: Painless Authentication with Pyramid and BrowserID

JR Conlin jconlin at mozilla.com
Thu Oct 20 08:18:45 PDT 2011


Hi Ryan,

I took a quick look at the code and I've got a couple of questions:

1) in repoze/who/plugins/browserid/utils.py
I see you're using regular expressions to parse the returned assertion. 
The assertion is in javascript. Why not use
return json.loads(value) ?

2) On a somewhat like note, I see you're validating the cert against 
browserid.org instead of doing local validation. Will that be coming later?

Looks pretty cool, other than that. Thanks!

On 10/20/2011 2:18 AM, Ryan Kelly wrote:
> Hi All,
>
>
>    I've just knocked up a quick blog post about some of the auth work
> I've been doing:
>
>      Painless Authentication with Pyramid and BrowserID:
>      http://www.rfk.id.au/blog/entry/painless-auth-pyramid-browserid/
>
>    Any thoughts or feedback appreciated.  It's not hooked into the rest
> of the site yet, so if I've said anything wrong or controversial I can
> still revert it :-)
>
>    I've pretty much completed the splitting-out of the code into
> independent packages, and the things described in the post have no
> dependencies on mozsvc or any of our internal code.  Tomorrow I'll start
> building up some more detailed documentation in the wiki.
>
>
>    Cheers,
>
>       Ryan
>
>
>
> _______________________________________________
> Services-dev mailing list
> Services-dev at mozilla.org
> https://mail.mozilla.org/listinfo/services-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.mozilla.org/private/services-dev/attachments/20111020/bb733af7/attachment.html>


More information about the Services-dev mailing list