zookeeper角色介绍
So you've heard of this new hipster login service called Persona. It promises to relieve you of dealing with passwords, and be easy to setup. Can it really? I'm here to walk you through setting up Persona on your own website, in just a few minutes. At a glance, here's what you'll need to do:
因此,您已经听说过这项名为Persona的新潮人登录服务。 它有望减轻您处理密码的麻烦,并且易于设置。 可以吗 我在这里向您介绍在几分钟之内在自己的网站上设置Persona的过程。 概览,这是您需要做的:
- Grab the include.js shim 抓住include.js垫片
Hook up your login button to use
navigator.id连接您的登录按钮以使用
navigator.id- Verify the credentials navigator.id gives you on your server 验证凭据navigator.id是否在您的服务器上为您提供
So let's dive in, step by step.
因此,让我们逐步深入。
include.js (include.js)
Until Persona is native in all browsers, you'll need to include a shim that provides the navigator.id API in all browsers. While Persona is in beta, we recommend linking directly against our server. Once we feel confident that the internals are exactly the way we want, we can encourage people to self-host. So, throw this at the bottom of your <body>:
在所有浏览器中都不使用Persona之前,您需要包括一个在所有浏览器中提供navigator.id API的填充程序。 当Persona处于测试版时,我们建议直接链接到我们的服务器。 一旦我们确信内部结构正是我们想要的方式,我们就可以鼓励人们自我接纳。 因此,将其放在<body>的底部:
<script type="text/javascript" src="https://login.persona.org/include.js"></script>
使用navigator.id (Using navigator.id)
一个按钮 (A Button)
If you don't already have a login button, then add one in your markup. We provide some buttons that already look quite swell.
如果您还没有登录按钮,请在标记中添加一个。 我们提供了一些看起来已经很膨胀的按钮 。
navigator.id.request
I'm going to assume you use jQuery, because most do. If you use something else, then you should know what parts to change.
我将假设您使用jQuery,因为大多数都使用jQuery。 如果您使用其他东西,那么您应该知道要更改的部分。
$("#login-btn").click(function(e) {
e.preventDefault();
navigator.id.request();
});
navigator.id.logout (navigator.id.logout)
When a user is logged in, you can show a logout button instead, and hook it up like this:
用户登录后,您可以改为显示注销按钮,然后将其连接起来,如下所示:
$("#logout-btn").click(function(e) {
e.preventDefault();
navigator.id.logout();
});
navigator.id.watch
Next, we can start watching for changes in the declared identity. With this method in place, if a new user has closed your site while confirming their email address, we can still forward them back to your site, and you will receive an onlogin event. There's a few other good reasons, but that's likely the most common.
接下来,我们可以开始观察声明的身份的更改。 采用这种方法,如果新用户在确认其电子邮件地址的同时关闭了您的网站,我们仍然可以将其转发回您的网站,您将收到一个onlogin事件。 还有其他一些很好的理由,但这可能是最常见的。
We do this with navigator.id.watch(). It takes an onlogin method, onlogout method, and a loggedInUser string. If you think the user is logged in, you should pass the email string, and we'll double check it.
我们使用navigator.id.watch()进行此操作。 它需要一个onlogin方法, onlogout方法,以及loggedInUser字符串。 如果您认为用户已登录,则应传递电子邮件字符串,我们将对其进行仔细检查。
navigator.id.watch({
onlogin: function(assertion) {
verifyAssertion(assertion);
},
onlogout: function() {
},
loggedInUser: undefined
});
The onlogin callback will be called with an assertion. This is a signed blob with data inside essentially saying "I promise this is foo@bar.com". Still, you can't fully trust the client. So, you need to send this assertion to your server, and verify that it wasn't tampered with, and that the promise isn't a lie. After successfully verifying, you can do your normal session stuff that you would normally do, and then be sure in all subsequent page loads to set loggedInUser to the user's email.
onlogin回调将通过一个断言来调用。 这是一个带签名的Blob,其中的数据实际上是在说“我保证这是foo@bar.com”。 但是,您不能完全信任客户。 因此,您需要将此断言发送到您的服务器,并验证它没有被篡改,并且保证不是谎言。 成功验证之后,您可以像平常一样进行常规会话,然后确保在所有后续页面加载中将loggedInUser设置为用户的电子邮件。
验证 (Verification)
The verifyAssertion function shown in the onlogin callback above is a function you implement. Again, assuming jQuery, it could look something like this:
上面onlogin回调中显示的verifyAssertion函数是您实现的函数。 同样,假设使用jQuery,它可能看起来像这样:
function verifyAssertion(assertion) {
$.post("/auth/verify", { assertion: assertion }, function onSuccess(resp) {
// maybe you return a json response including the email
updateUser(resp.email);
});
};
As with the shim, we currently recommend you ask our verification server to verify the assertion for you, but once we're certain theres no bugs in the verification process, you'll be welcome to self-host a verification method on your own server.
与填充程序一样,我们目前建议您要求验证服务器为您验证断言,但是一旦确定验证过程中没有错误,我们欢迎您在自己的服务器上自行托管验证方法。
Our verifier service will return a valid JSON response if the assertion is valid:
如果断言有效,我们的验证程序服务将返回有效的JSON响应:
{
"status": "okay",
"email": "foo@bar.com",
"audience": "https://yoursitehere.com",
"expires": 1308859352261,
"issuer": "bar.com"
}
Here's an example using Python and the Requests library:
这是使用Python和Requests库的示例:
data = {'assertion': assertion, 'audience': 'https://yoursitehere.com'}
resp = requests.post('https://verifier.login.persona.org/verify', data=data, verify=True)
json = resp.json()
if json['status'] == 'okay':
# use json['email'] to do your normal logging in
# i made up a login mechanism here
email = json['email']
user = User.objects.get(email=email)
if not user:
user = User.objects.create(email=email)
session.userid
session.userid = user.pk
return { 'email': email }
If the assertion is valid, we logged the user in if we've seen them before, or create a new user if we haven't. You can imagine what you would do if resp.json['status'] was not okay.
如果该断言有效,则如果我们之前曾见过用户,则将其登录;否则,将创建一个新用户。 您可以想象如果resp.json['status'] okay ,您会怎么做。
而已! (That's it!)
You've now got Sign Up and Sign In implemented. You don't need to worry yourself with hashing passwords, showing captchas, or any like matter. If you liked all that, here's some additional resources to learn more and get the most out of Persona:
现在,您已经实现了注册和登录。 您无需担心哈希密码,显示验证码或类似问题。 如果您喜欢所有这些,这里有一些其他资源,以了解更多信息并充分利用Persona:
zookeeper角色介绍
688
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
