Django application for adding BrowserID support.
Python JavaScript
Clone or download
Pull request Compare This branch is 259 commits behind mozilla:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.



This is django-browserid, a drop-in Django application that adds support for BrowserID.


You can use pip to install required libraries:

pip install -r requirements.txt


To use django-browserid, add it to INSTALLED_APPS in

    # ...
    'django_browserid',  # Load after auth to monkey-patch it.
    # ...

and add django_browserid.auth.BrowserIDBackend to AUTHENTICATION_BACKENDS in

    # ...
    # ...

Edit your file and add the following:

urlpatterns = patterns('',
    # ...
    (r'^browserid/', include('django_browserid.urls')),
    # ...

You should also add the following in

# Note: No trailing slash

BrowserID uses an assertion and an audience to verify the user. This SITE_URL is used to determine the audience. For security reasons, it is very important that you set SITE_URL correctly.

You can also set the following optional config in (they have sensible defaults):

# Path to redirect to on successful login.

# Path to redirect to on unsuccessful login attempt.

# Create user accounts automatically if no user is found.

Somewhere in one of your templates, you'll need to create a link and a form with a single hidden input element, which you'll use to submit the BrowserID assertion to the server. If you want to use django_browserid.forms.BrowserIDForm, you could use something like the following template snippet:

{% if not user.is_authenticated %}
<a id="browserid" href="{% url gracefully_degrade %}">Sign In</a>
<form method="POST" action="{% url browserid_verify %}">
   {% csrf_token %}
   {{ browserid_form.as_p }}
{% endif %}

If you use browserid_form, it is further recommended that you add django_browserid.context_processors.browserid_form to TEMPLATE_CONTEXT_PROCESSORS; this will create the browserid_form variable automatically in RequestContext instances when needed. That is, in

    # ...
    # ...

You will also need to include JavaScript to power the BrowserID popup and form. You can use django form media at the bottom of your page (see Form Media and Managing static files for more information):

{{ }}


If you don't want to use the static files framework, you'll need to include the file, as well as JavaScript similar to django_browserid/static/browserid/browserid.js:

<script src=""></script>
<!-- Include JS for browserid_form here. -->

Automatic Account Creation

django-browserid will automatically create a user account for new users if the setting BROWSERID_CREATE_USER is set to True in The user account will be created with the verified email returned from the BrowserID verification service, and a URL safe base64 encoded SHA1 of the email with the padding removed as the username.

To provide a customized username, you can provide a different algorithm via your

def username(email):
    return email.split('@')[0]

You can can provide your own function to create users by setting BROWSERID_CREATE_USER to a string path pointing to a function:

# module/
def create_user(email):
    pass  # Create a user here

BROWSERID_CREATE_USER = 'module.util.create_user'

You can disable account creation, but continue to use the browserid_verify view to authenticate existing users with the following:


Creating User Accounts

If you want full control over account verification, don't use django-browserid's browserid_verify view. Create your own view and use verify to manually verify a BrowserID assertion with something like the following:

from django_browserid import get_audience, verify
from django_browserid.forms import BrowserIDForm

def myview(request):
   # ...
   if request.method == 'POST':
       form = BrowserIDForm(data=request.POST)
       if not form.is_valid():
           result = verify(form.cleaned_data['assertion'], get_audience(request))
           if result:
               # check for user account, create account for new users, etc
               user = my_get_or_create_user(

result will be False if the assertion failed, or a dictionary similar to the following:

   u'audience': u'',
   u'email': u'',
   u'issuer': u'',
   u'status': u'okay',
   u'expires': 1311377222765

You are of course then free to store the email in the session and prompt the user to sign up using a chosen identifier as their username, or whatever else makes sense for your site.

Obscure Options

Unless your really noodling around with BrowserID, you probably won't need these optional config in (they have sensible defaults):

# URL of a BrowserID verification service.

# CA cert file for validating SSL ceprtificate

# Disable SSL cert validation


This software is licensed under the New BSD License. For more information, read the file LICENSE.


django-browserid is a work in progress. Contributions are welcome. Feel free to fork and contribute!