With BrowserID you can implement simple and sophisticated authentication on your site that your users will love. All this with just a few lines of code! Let's get started:
Enable BrowserID: First you must include the BrowserID JavaScript library in your site. Just add a script tag to your <head>:
<script src="https://browserid.org/include.js"></script>
Identify the User: Now you'll need to hook up your login and sign-in buttons to BrowserID. Instead of displaying a form that asks for a username and password, with BrowserID you make a JavaScript call and the interaction with the user is handled for you.
navigator.id.getVerifiedEmail(function(assertion) {
    if (assertion) {
        // This code will be invoked once the user has successfully
        // selected an email address they control to log in with.
    } else {
        // something went wrong! the user isn't logged in.
    }
});
Again, the above code should run when a user clicks the login button on your site. Upon a successful login, you'll be called back with an assertion, which contains the user's email address, along with cryptographic proof that the user is who they say they are (proof which comes from the email provider).
Verify the User's Identity: Next we should check that the user really is who they say they are. This means checking that the assertion is properly signed by their email provider. Once this is done, we can be sure that the email provider agrees that the user is genuine.
The easiest way to verify is to use the free verification service provided by BrowserID. To use it, you send a request to https://browserid.org/verify with the assertion as a GET parameter. You should perform this request from your server, but for illustrative purposes, here's how it might look from the client:
// Illustration only: in production, make this request from your server.
// $.get is jQuery's AJAX helper, so jQuery must be loaded on the page.
var url = "https://browserid.org/verify?assertion="
    + window.encodeURIComponent(assertion)
    + "&audience=" + window.encodeURIComponent(window.location.host);
$.get(url, function(result) {
    if (result.status === "okay") alert("verification is valid!");
    else alert("uh oh, bogus verification!");
});
Complete the log in! Having completed the steps above, you can trust that the user is really identified by the email stored in the assertion under the assertion.email property. You don't need to perform any additional authentication unless you want to! From here, you can set up session cookies and do whatever you like.
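As an added example (not BrowserID's own code), here is how the server-side check recommended above can look in Node.js: the audience is fixed in server configuration rather than supplied by the client, and a session is created only when the verifier reports "okay". The audience value example.com, the function names, the stubbed fetch, and the email and audience response fields are assumptions not shown on this page.

```javascript
// Added example: server-side BrowserID verification (Node.js 18+).
const VERIFIER = "https://browserid.org/verify"; // endpoint named on the page
const AUDIENCE = "example.com"; // assumption: your site's host, from server config

// Build the verifier URL. The audience is fixed server-side and never taken
// from the Host header or any other client-controlled value.
function buildVerifyUrl(assertion, audience = AUDIENCE) {
  if (typeof assertion !== "string" || assertion.length === 0) {
    throw new TypeError("assertion must be a non-empty string");
  }
  return VERIFIER + "?assertion=" + encodeURIComponent(assertion) +
    "&audience=" + encodeURIComponent(audience);
}

// Return the verified email, or null if the response must not log anyone in.
// The `email` and `audience` response fields are assumptions (not on the page).
function emailFromVerifierResponse(result, audience = AUDIENCE) {
  if (!result || result.status !== "okay") return null;
  if (result.audience !== audience) return null; // issued for another site
  if (typeof result.email !== "string" || !result.email.includes("@")) return null;
  return result.email;
}

// Fail closed: transport errors, non-2xx replies and bad JSON all mean "no".
async function verifyAssertion(assertion, fetchImpl = globalThis.fetch) {
  try {
    const res = await fetchImpl(buildVerifyUrl(assertion));
    if (!res.ok) return null;
    return emailFromVerifierResponse(await res.json());
  } catch (err) {
    return null;
  }
}

// Constructed stand-in for the verifier so the example runs offline.
const stubFetch = async () => ({
  ok: true,
  json: async () => ({ status: "okay", email: "user@example.org", audience: AUDIENCE }),
});

verifyAssertion("constructed-assertion", stubFetch).then((email) => {
  // Only now create the session, keyed on the verified email.
  console.log(email ? "logged in as " + email : "login rejected");
});
```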
You're done! Welcome to BrowserID! For more details, have a look at our demonstration, and view the code behind it.