A Persona Identity Provider for XMPP servers.



browserid-xmpp is a BrowserID Identity Provider for XMPP servers. It allows Jabber IDs to be used as identities to authenticate with Mozilla Persona.

A Work In Progress.


You'll need an XMPP server running on the same domain that hosts the files. The XMPP server or a third party component like Punjab should support BOSH.

Your XMPP server should support external components. This component has been tested with Prosody and ejabberd (use ejabberd_service).

The XMPP component is written in Node.js; npm should install the required dependencies automatically.

This program also includes the strophejs library and strophe.rpc.js, both distributed under the terms of the MIT license.


git clone git://github.com/nikhilm/browserid-xmpp.git

You must install the dependencies:

cd browserid-xmpp
npm install

Create a config file, for example config/local.json:

{
  "jid": "Persona component JID as setup on the XMPP server",
  "password": "Component shared secret",
  "host": "XMPP server (usually",
  "port": XMPP component connect port number,
  "issuer_hostname": "Your domain name",
  "pub_key_path": "var/key.publickey",
  "priv_key_path": "var/key.secretkey"
}

Generating the Keypair

Both your IdP service and the Certifier must share a public key. The Certifier requires both halves of the keypair, private and public.

Do the following:

mkdir var
cd var/

You should now see a key.publickey and key.secretkey in the directory. This matches your local.json config.

You'll also want to import or re-use this key.publickey in your IdP's /.well-known/browserid file.

cd ..
mkdir client/.well-known
./scripts/gen_well_known_browserid.py var/key.publickey > client/.well-known/browserid

Configuring the client

Your HTTP server will need to serve the files in client/.

client/.well-known/browserid should be served at the top level -- https://example.com/.well-known/browserid. Move it to a different location if that makes sense for your setup.

The URL at which client/ is served must match the entries in the browserid file. Use CheckMyIdP to verify that everything is working.
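A local pre-flight check for the two requirements above (the published key is the public half of the Certifier's keypair, and the entries in the browserid file point at pages that are actually served), as an added example that is not part of browserid-xmpp. The key field names (`algorithm`, `n`, `e`, private components `d` or `x`), the page paths and the key values are assumptions constructed for illustration.

```javascript
// Added example: local sanity check for a BrowserID support document.
// Field names follow the BrowserID /.well-known/browserid format; the key
// layout (algorithm/n/e, private parts d or x) is an assumption about the
// JSON written by the keypair generator.
const REQUIRED = ["public-key", "authentication", "provisioning"];
const PRIVATE_FIELDS = ["d", "x"]; // RSA / DSA private components

function checkSupportDocument(doc, publicKey, servedPaths) {
  const problems = [];
  for (const field of REQUIRED) {
    if (!(field in doc)) problems.push(`missing field: ${field}`);
  }
  const key = doc["public-key"] || {};
  for (const f of PRIVATE_FIELDS) {
    if (f in key) problems.push(`private key component "${f}" is published`);
  }
  // The published key must be the one the Certifier signs with.
  for (const f of Object.keys(publicKey)) {
    if (String(key[f]) !== String(publicKey[f])) {
      problems.push(`public-key.${f} differs from var/key.publickey`);
    }
  }
  // Entries must be absolute paths that the HTTP server actually serves.
  for (const field of ["authentication", "provisioning"]) {
    const path = doc[field];
    if (typeof path !== "string") continue;
    if (!path.startsWith("/")) problems.push(`${field} is not an absolute path`);
    else if (!servedPaths.includes(path)) problems.push(`${field} path is not served: ${path}`);
  }
  return problems;
}

// Constructed sample data (short fake key values, hypothetical page paths).
const publicKey = { algorithm: "RS", n: "1234567", e: "65537" };
const served = ["/browserid/sign_in.html", "/browserid/provision.html"];
const good = {
  "public-key": { algorithm: "RS", n: "1234567", e: "65537" },
  authentication: "/browserid/sign_in.html",
  provisioning: "/browserid/provision.html",
};
// Mistake: key.secretkey was published and client/ moved without updating paths.
const bad = {
  "public-key": { algorithm: "RS", n: "1234567", e: "65537", d: "7654321" },
  authentication: "/sign_in.html",
  provisioning: "/browserid/provision.html",
};

console.log(checkSupportDocument(good, publicKey, served)); // []
console.log(checkSupportDocument(bad, publicKey, served));
```

In a real deployment the three arguments would come from client/.well-known/browserid, var/key.publickey and a listing of the paths under which client/ is served.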

Copy client/js/config.js-dist to client/js/config.js.

Set bosh_service to the endpoint of your BOSH service. NOTE: Due to cross-origin restrictions, the BOSH service should be accessible on https://example.com and not https://example.com:5280. If your website is fronted by nginx, the easiest way is to add a location entry:

location /http-bind/ {
    proxy_pass  https://example.com:5280/http-bind/;
    proxy_buffering off;
    tcp_nodelay on;
}

Configuring the XMPP Server

The component address should be the jid in the configuration file. browserid.yourdomain.com is a good name. The config file password should be the shared secret.

Running Certifier

CONFIG_FILES=config/local.json npm start


The Certifier component provides an API over Jabber-RPC.

The XMPP client should send a Jabber-RPC method call after authentication. persona-xmpp-client does this by resuming a BOSH session in the provisioning page to get a signed certificate on behalf of the authenticated user.


Arguments (in order):

  • email - The email address for this certificate
  • pubkey - Object compatible with JWT public keys.
  • duration - How long until the certificate expires, in seconds. (Optional)

The response will be: