Simple Java BrowserID Verifier
Switch branches/tags
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


Thank you for your interest. Mozilla has shut down and this project is not longer mainteined. Look into OAuth 2.0 or other alternatives.

BrowserID Verifier

Build Status Maven Central

Java library for the BrowserID protocol.

This is a verification library for Mozilla Persona written in Java. It allows to easily authenticate web application's users by veryfing BrowserID assertions.

The only external dependencies are SLF4J and json.org1.

To use it just write something like:

BrowserIDResponse loginRepsonse = verifier.verify(assertion, AUDIENCE);

Find a simple, yet complete live sample here with its source code.

How to use it

1. Add it as a dependency

Its Maven coordinate is info.modprobe:browserid-verifier:<version>; in a pom file it would look like:



2. Use it

On the server side:

final Verifier verifier = new Verifier();
final BrowserIDResponse personaResponse = verifier.verify(assertion, audience);
final Status status = personaResponse.getStatus();

if (status == Status.OK) {
	/* Authentication with Persona was successful */
	final String email = personaResponse.getEmail();"Signing in '{}'", email);
	HttpSession session;
	if ((session = req.getSession(false)) != null) {
		// Prevent session hijacking
	session = req.getSession(true);	
	session.setAttribute("email", email);

} else {
	/* Authentication with Persona failed */"Sign in failed: {}", personaResponse.getReason());

Complete example

On the client side:

<button type="button" onclick=";">Sign in - Sign up</button>
<button type="button" onclick=";">Sign out</button>
	<script src=""></script>

	<script type="text/javascript">
		var currentUser = '${}';
		if(!currentUser) {
			// If falsy set it to the literal null
			currentUser = null;
			loggedInUser : currentUser,
			onlogin : function(assertion) {				
				loginRequest = $.ajax({
					type : 'POST',
					url : 'in',
					data : {
						assertion : assertion
				loginRequest.done(function(res, status, xhr) {
				});, status, error) {;
					alert("Login error: " + error);

			onlogout : function() {
				logoutRequest = $.ajax({
					type : 'POST',
					url : 'out'
				logoutRequest.done(function(res, status, xhr) {
				});, status, error) {
					alert("Logout error: " + error);


Complete example

  1. This implies that the use of the software is restricted for Good.

This project is based in code from