首页 发现 帮助
注册 登录
dayuan
/
manyi
6
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
目录树: 34216f9fac
分支列表 标签列表
manyi
/
venv
/
Lib
/
site-packages
/
docs
/
user
/
intro.rst

intro.rst 2.7 KB
文件历史 原始文件

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758 
  1. Introduction
    2. 

  2. ============
    3. 

  3. 

  4. How does it work?
    5. 

  5. -----------------
    6. 

  6. At a high level, this is what happens when a user wants to log into a site that
    7. 

  7. uses django-browserid:
    8. 

  8. 

  9. 1. A user clicks a login button on your web page.
    10. 

  10. 2. The JavaScript shim (hosted by Persona_) displays a pop-up asking for the
    11. 

  11.    email address the user wants to log in with.
    12. 

  12. 3. If necessary, the pop-up prompts the user for additional info to
    13. 

  13.    authenticate them. For example, if the user enters an `@mozilla.com` email,
    14. 

  14.    the Mozilla LDAP Identity Provider will prompt them for their LDAP password.
    15. 

  15. 4. The JavaScript receives an "assertion" from the Identity Provider and
    16. 

  16.    submits it to the site's backend via AJAX.
    17. 

  17. 5. The backend sends the assertion to the `Remote verification service`_, which
    18. 

  18.    verifies the assertion and returns the result, including the email address
    19. 

  19.    of the user if verification was successful.
    20. 

  20. 6. The backend finds a user account matching that email (creating it if one
    21. 

  21.    isn't found) and logs the user in as that account.
    22. 

  22. 7. The backend returns a URL that the JavaScript redirects the user to.
    23. 

  23. 

  24. Note that this is just an example flow. Several of these steps can be
    25. 

  25. customized for your site; for example, you may not want user accounts to be
    26. 

  26. created automatically. This behavior can be changed to suit whatever needs you
    27. 

  27. have.
    28. 

  28. 

  29. A `detailed explanation of the BrowserID protocol`_ is available on MDN.
    30. 

  30. 

  31. .. _`detailed explanation of the BrowserID protocol`: https://developer.mozilla.org/Persona/Protocol_Overview
    32. 

  32. .. _Persona: https://www.persona.org
    33. 

  33. .. _`Remote Verification Service`: https://developer.mozilla.org/Persona/Remote_Verification_API
    34. 

  34. 

  35. 

  36. .. _persona-dependence:
    37. 

  37. 

  38. Persona
    39. 

  39. -------
    40. 

  40. By default, django-browserid relies on Persona, which is a set of
    41. 

  41. BrowserID-related services hosted by Mozilla. It's possible, but annoying, to
    42. 

  42. use django-browserid without these dependencies.
    43. 

  43. 

  44. Currently, django-browserid relies on Persona for:
    45. 

  45. 

  46. - The `Cross-browser API Library`_, which implements the ``navigator.id`` API
    47. 

  47.   for browsers that don't natively support BrowserID.
    48. 

  48. - The `Fallback Identity Provider`_ for emails from servers that don't support
    49. 

  49.   BrowserID.
    50. 

  50. - The `Remote verification service`_, which handles assertion verification for
    51. 

  51.   sites that don't want to verify assertions themselves.
    52. 

  52. 

  53. In the future, django-browserid will remove the need to depend on these
    54. 

  54. Mozilla-centric services. Local verification and a self-hosted cross-browser
    55. 

  55. API will greatly reduce the reliance on Mozilla's servers for authentication.
    56. 

  56. 

  57. .. _`Cross-browser API Library`: https://developer.mozilla.org/Persona/Bootstrapping_Persona#Cross-browser_API_Library
    58. 

  58. .. _`Fallback Identity Provider`: https://developer.mozilla.org/Persona/Bootstrapping_Persona#Fallback_Identity_Provider
    59.