As of January 2016, Persona is being shut down by Mozilla, so it's no longer recommended for use on Code for America projects. Here are Mozilla's Shutdown Guidelines for people who rely on the service.
Mozilla Persona, also called BrowserID, is an identity service for website login:
Persona replaces multiple passwords.
Within Persona, your identity is your email address. You can use as many email addresses as you want, but you still only need one password.
Identity means that Persona can tell you with confidence that a user with a given email address is on your site. Authorization is what you decide to do with that knowledge: whether that user is allowed to see private data, or change data. Team Louisville used Persona in 2013 to secure their app, read their extensive notes on our blog.
Mozilla Persona is (NO LONGER, SEE ABOVE) our first choice for login features in an app. Its use is not mandated, but you should have a great reason not to. Code for America projects currently using Persona include Engine Light, Oakland Answers, Louisville Jail Dashboard, Long Beach AddressIQ, and Oakland RecordTrac.
Follow the Quick Setup guide from Mozilla:
Adding the Persona login system to your site takes just five steps:
- Include the Persona JavaScript library on your pages.
- Add “login” and “logout” buttons.
- Watch for login and logout actions.
- Verify the user’s credentials.
- Review best practices.
Steps 1-3 all take place client-side, and can be implemented in HTML and Javascript. Persona works in most browsers:
Internet Explorer: 8.0, 9.0, 10.0+
Firefox: Current Stable, Beta, Aurora, Nightly, and Extended Support Releases, Previous Stable Release.
Chrome, Safari, Opera: Latest Stable Release.
iOS Mobile Safari: iOS 5.x — 6.x+
Android Default Browser: 2.2 — 4.x+
To work in IE8, your app must render pages in “standards mode”. See this example change in Oakland RecordTrac from 2013 to trigger standards mode.
More example code from Code for America projects:
- Persona JavaScript library in HTML.
- “Login” and “logout” buttons in Javascript.
- Watching for login and logout actions in Javascript.
- Verifying the user’s credentials in Python, PHP, and Ruby.
- Unit tests to check login in Python.
You can customize the login popup with custom colors (backgroundColor),
your app name (siteName), and a logo (siteLogo), and other details by
passing options to navigator.id.request().
Read more in Mozilla’s IdentityManager.request() documentation.
As of January 2016, Persona is being shut down by Mozilla, so it's no longer recommended for use on Code for America projects. Here are Mozilla's Shutdown Guidelines for people who rely on the service.