personatestuser.org is a service that makes it easy to write automated tests of persona login on your site.
This system furnishes an API for creating temporary Persona accounts. The email accounts intended for testing the Persona service. They are valid for two hours, after which time they will automatically be canceled. Specifically, the API permits you to:
- Get a new verified email and password
- Get a new unverivied email and password
- Get a new verified email, password, and assertion for a certain audience
- Get an assertion for a certian audience using an existing email
- Delete an email account (happens automatically on expiration)
Some of these functions can be performed directly in the web console,
but it is assumed that the most common use cases will depend on
or programmatic approaches.
The queries are all HTTP GETs; they return JSON. Sometimes, an
optional final argument env may be applied. This may be one of
custom. The default is
The first three (
dev) are shorthand for the
Persona production, staging, and development instances.
is shorthand for localhost.
If you specify
custom, you must provide two parameters:
verifier, specifying which urls personatestuser should use.
For example, this gets a new verified email address from Persona:
This gets a verified email using a custom Persona deployment:
You can also use an IP address:
All queries return a JSON string on success with some or all of the following fields:
passThe password for the account
tokenA verification token for use with the identity provider
expiresExpiration date in seconds since the epoch
envThe name of the server environment ("prod", "dev", "stage", "local", "custom")
browseridThe url for the IdP specified by env
verifierThe url for the verifier specified by env
audienceThe audience an assertion is valid for
assertionAn identity assertion for a given audience
certAn identity certificate from the IdP for the email
bundleA bundled assertion and certificate
New Verified Email
Creates an identity that will be valid for an hour.
New Unverified Email
Stages a new identity with the IdP. Use the returned verification token to complete the account creation.
New Assertion and Email
Get a new verified email and an assertion, valid for two minutes, for the named audience.
Audience must include the protocol (
https://) and be url-encoded.
For example, rather than
jedp.gov, the audience would be
https%3A%2F%2fjedp.gov. (Though this is a bit cumbersome, we prefer
that the input you're sending to the BrowserID verifier be completely
Like the above, but with explicit parameters for email and password.
If the email is current, the password must be correct.
If the email is not current, a new, verified email will be created with the new password. Not only is this a handy shortcut for account creation, but it also lets you automatically resuscitate accounts that have expired and been canceled.
Note that env is not an option, since the email has already been created for a certain server environment.
Again, the audience must include the protocol and be url-encoded.
Cancel the email account for given email and password. Note that env is not an option in this query, since the email has already been create for a certain env.
You do not need to cancel accounts created with this tool. Email accounts are automatically canceled with the IdP after one hour.
This codebase is currently (December 2014) deployed in the
mozilla AWS account (
351644144250) in the
us-east-1 region. This AWS account is managed by the Mozilla Cloud Services team. The DNS for this account is managed by AWS Route53, again in the
mozilla AWS account. To access this deployed system run
ssh firstname.lastname@example.org. This
ec2-user has ssh keys pulled from the
identity-pubkeys repo at the revision 2f02e7c6cb.