Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

As a website you can do local verification of the log in assertion.

Mozilla hosts a verifier as a convenience, but you don't have to use it.



But the assertion only gets sent if the user logs in to persona first (with their email and persona password)


Ah! Right. There is no Persona password if your email provider supports Persona natively. If your provider has native support, you only authenticate with them, and the site you're logging into sees a credential issued by your provider. Mozilla is completely out of the transaction in that case.

You can try this yourself with a demo identity provider we have at http://eyedee.me/




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: