Skip to content
This repository

Persona is a secure, distributed, and easy to use identification system.

branch: dev

Merge pull request #4122 from yesyayen/dev

changed old MV address to New MV address
latest commit 9968b03585
Austin King ozten authored April 17, 2014
Octocat-spinner-32 automation-tests Fix automation-tests for 797894f "Require a password-level authentica… February 24, 2014
Octocat-spinner-32 bin use hood to add security headers November 07, 2013
Octocat-spinner-32 config Remove temporary hacks November 07, 2013
Octocat-spinner-32 docs Adding setup instructions for RHEL and RHEL derivatives January 09, 2014
Octocat-spinner-32 example a stateless "goldilocks" api October 17, 2013
Octocat-spinner-32 lib add cache-control, access-control-allow-origin, and vary headers to m… March 29, 2014
Octocat-spinner-32 resources changed old MV address to New MV address April 17, 2014
Octocat-spinner-32 scripts check_primary_support: fix logging import November 30, 2013
Octocat-spinner-32 tests test for wsapi client-sessions using ssl proxy March 16, 2014
Octocat-spinner-32 .awsbox.json Change the awsbox config, localhooks has been renamed to local_hooks.… October 30, 2012
Octocat-spinner-32 .gitignore An implementation for B2G to ask allow users to log in even if April 28, 2013
Octocat-spinner-32 .jshintrc cleaned up primary.js jshint warnings October 23, 2012
Octocat-spinner-32 .travis.yml temporarily remove lloyd on this branch August 22, 2013
Octocat-spinner-32 CONTRIBUTORS Simplify the robots.txt logic, use the same logic as humans.txt December 16, 2013
Octocat-spinner-32 ChangeLog bump version in dev after branching train-2013.11.06 November 06, 2013
Octocat-spinner-32 LICENSE bring LICENSE into compliance with April 03, 2012
Octocat-spinner-32 Makefile Upgrade license to MPL 2. (closes #859) January 10, 2012
Octocat-spinner-32 Make Travis CI instructions slightly clearer June 28, 2013
Octocat-spinner-32 lockdown.json fix for cookies 0.3.8 not in lockdown.json February 14, 2014
Octocat-spinner-32 package.json bumped client-sessions and hood January 09, 2014

This repository contains the core Mozilla Persona services. Persona is a login system based on the BrowserID protocol.

To learn about using Persona on your site, check out our documentation on MDN.

Repository Contents

This repository contains several projects related to Persona:

  • The Persona Fallback IdP: A fallback Identity Provider (IdP) for users without native support for Persona via their email provider. Written in node.js, hosted at

  • The Persona Remote Verification Service: A stateless node.js server which handles cryptographic verification of identity assertions. Hosted at, but easy to run locally.

  • The Cross-Browser Persona Support Library: The include.js file that provides the API for browsers without native support for Persona. This also includes the code for the dialog shown to users of those browsers.

  • Sample and Test Code: For all of the above.

Getting Started

The Persona team uses Git and GitHub for all of our development and issue tracking. If you'd like to contribute code back to us, please do so using a Pull Request. If you get stuck and need help, you can find the core team on our public mailing list or in #identity on

Install Dependencies

BrowserID needs the following dependencies before it can run:

  • node.js (>= 0.8.11)
  • libgmp3
  • g++

For detailed instructions for your specific operating system, check out the SETUP docs in the docs/ folder.

Running BrowserID Locally

To run the BrowserID service locally:

  1. Clone the repository to your machine.
  2. Run npm install from the root of your clone.
  3. Run npm start from the root of your clone.

When you run npm start, it will print several URLs to your terminal. You can test that everything is working by visiting the URL for the example (RP) site. Look for a line like this in the terminal:

example (10361): running on

You can stop the services by typing Control-C in the terminal.

Staying Up to Date

To stay up to date with BrowserID:

  1. Use git pull to retrieve new changes.
  2. Delete both the var and node_modules folders in the root of your local clone.
  3. Run npm install from the root of your local clone.


Local testing:

Unit tests can be run by invoking npm test at the top level. At present, there are three classes of unit tests to be run:

  • Backend unit tests against a custom, zero-dependency JSON database.
  • Backend unit tests against MySQL, what we use in production.
  • Frontend unit tests run headlessly against PhantomJS.

You can control which tests are run using the WHAT_TESTS env var, see scripts/test for details.

Continuous Integration Testing:

Integration tests are done with Travis-CI. It is recommended that you setup Travis-CI for your BrowserID fork so that tests are automatically run when you push changes. This will give the BrowserID team confidence that your changes both function correctly and do not cause regressions in other parts of the code. Configuration files are already included in the repo but some setup is necessary.

  1. Sign in to GitHub
  2. Open Travis-CI
  3. Click "Sign in with GitHub" if you are not signed in. If you are signed in, click on your username then "Profile" and go to step 5.
  4. Click "Allow" if this is your first time signing in.
  5. Find "browserid" in "Your Repositories"
  6. Move the switch from "OFF" to "ON"
  7. Open your fork of BrowserID on GitHub
  8. Click the "Settings" button
  9. Click "Service Hooks" and find the "Travis" Service Hook
  10. Paste in your "Token" which you can find it on your Travis-CI Profile.
  11. Ensure that "Travis" has a green radio button
  12. Push to your fork and return to Travis-CI. Watch the tests run.


All source code here is available under the MPL 2.0 license, unless otherwise indicated.

Something went wrong with that request. Please try again.