This repository has been archived by the owner. It is now read-only.
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
66 lines (45 sloc) 2.19 KB


EyeDee.Me is an example Indentity Provider for the BrowserID protocol. This protocol is used by Mozilla Persona to authenticate users across the web.

EyeDee.Me styles itself like an email provider, but does not actually handle any email. Rather, it exists solely as an example for how services, such as email providers, can provide first-class support for BrowserID.


EyeDee.Me requires Node.js, npm, a MySQL database, and a webserver acting as a reverse proxy / SSL terminator. Once those are in place:

  1. Clone this repository.

  2. Execute npm install in the root of your clone to get all of the necessary Node libraries.

  3. Generate a signing keypair by launching node and running:

    jwk = require("jwcrypto/jwk");
    keypair = jwk.KeyPair.generate('RS', 128);
  4. Store the keys somewhere safe.

  5. Create a MySQL user and database:

    $ mysql -uroot -p
    > CREATE USER 'eyedeeme'@'localhost';
    > CREATE DATABASE eyedeeme;
    > GRANT ALL ON eyedeeme.* TO 'eyedeeme'@'localhost';


You must set four environment variables before EyeDee.Me will function:

  1. PUBLIC_KEY: The public key, as printed by the script above. Default: Ephemeral key, generated at runtime.

  2. PRIVATE_KEY: The secret key, as printed by the script above. Default: Ephemeral key, generated at runtime.

  3. MYSQL_URL: A connection string for your MySQL database, in the form mysql://user:pass@host:port/dbname. Default: mysql://eyedeeme@

  4. PORT: A port for EyeDee.Me to listen on. Default: random.

Once those are available, you can run with ./bin/eyedeeme or npm start.

Because the BrowserID protocol requires SSL on connections to Identity Providers, you must also configure a reverse proxy or SSL teminator to accept HTTPS connections and forward them to a running EyeDee.Me instance, such as the one on the port defined above. Otherwise, your users will not be forwarded to your Identity Provider for authentication when logging in to sites with Persona.