Add Persona Log in to Diaspora

There's an OmniAuth strategy for BrowserID, assuming nothing has changed except the name, it should work with Persona. https://github.com/intridea/omniauth-browserid

We're already using OmniAuth for Twitter and Facebook account linking anyway, might as well use it to its full potential.

Steven : the process of the JSON is really simple to do with any programming language (I did it using Java, Ruby can do it easily too.)

@Flaburgan Yeah, I see there are plugins for Drupal and Wordpress too.. none for MediaWiki but that wouldn't be too hard to do.

Even better than the OmniAuth strategy, I see that there's a Devise plugin for this and it's written by a Diaspora contributor/podmin. :)

https://github.com/denschub/devise_browserid_authenticatable

There is probably a plugin for MediaWiki somewhere, I'll search (I'm a Mozilla contributor)

Mozilla Dev answer : "there isn't one yet. I tried to write one and ran into the problem that media wiki does not support querying its user database by email, this is because an email is not required to access an account. I asked a Wikipedia developer about this and he said there were no plans to add it and that if I wanted that functionality, I would have to write it - of which I did not have time."

got the drupal module enabled, please try

When i enter my credentials the redirect target is not found.

Cannot try, I get an error when I try to load the page in Chrome. Notice: Undefined variable: default_container_width in include() (line 16 of /var/www/vhosts/d7_themes/beta/templates/page.tpl.php)

Should I try another browser?

http://lloyd.io/how-browserid-works

Is Persona safe? How do Mozilla manage my data?

Persona ToS and PP:

https://login.persona.org/privacy
https://login.persona.org/tos

An unknown error occurred while attempting to validate your BrowserID login. After clicking "OK," you will be redirected ...
with FF and chromium

groove LOGGING OFF for a few hours cu

Cu later Groove! You did a great job today.

Altruism - if some log in feature is added no one forces you to use it :) So voting should be based on whether this would make D* more better and accessible - not on personal usage patterns :)

@Jason Not to mention we already allow linking to Facebook accounts. As someone who uses both, I'd have to say Mozilla's privacy policy (and the way they treat your personal information in general) is much more acceptable than Facebook's.

As a general principle anything making it easier to join a D* pod should be done IMHO. Hell, why not even creating an account by using your Facebook or Google credentials.

But we have to remember to make sure in any option (Persona too) that the user should be able to switch their log in method to a pure D* account if for example they stop using the other service. I think this is critical.

"Altruism - if some log in feature is added no one forces you to use it :) So voting should be based on whether this would make D* more better and accessible - not on personal usage patterns :)" Aha, I have not voted or expressed something that would indicate on the contrary. I do not understand why you are telling me this, care to explain?

altruism, just referring to your comment on whether Persona log in possibility will endanger your data. So I assumed you we're considering your own data relating to this proposal.

Sorry if my assumption was wrong.

So, is someone who know how the actual log in works want to work with me on that ?

I never contribute nor look at the Diaspora code for the moment...

I think if we include it, we should be very clear about safety and privacy. Some people present are more open, which is fine, but I think we should be able to explain to users what the risks/benefits are for using this.

Disclosure is an honorable thing and it creates trust, and that's what will bring in more users. Not convenience.

That's why I proposed Persona. Mozilla is a foundation and I trust in it.

Flaburgan, it has to be clear to new users that he/she can trust Mozilla. Not everybody is involved in the Mozilla Foundation as you are :)

True, but I'd think most people know what Mozilla is thanks to Firefox. The real question is, how do they know (without visiting persona.org) that Persona is run by the same people who brought us Firefox? :)

I don't know what the issue with trust is since only people who already have a Persona log in are likely to use this option ;)

It's like a "Log in with Facebook" button. Only people with Facebook accounts are going to press it.

So, here we go ?

Then we just wait for someone to code it :)

What would be particularly interesting wouldn't just be having Persona to log in to a pod. I think it'd be really interesting if we could modify Persona for, say, decentralized app authentication. Just put in your Diaspora handle and password to log in to a site, and it could work similarly to "Log In With Facebook", only it'd be decentralized. Maybe other socnets could use it as well somehow, then we might just have a standard, secure way of authenticating apps using whatever decentralized platform you want.

There's already a decentralized method for authentication: OpenID. I bet there's a gem or so to make a rails app an OpenID provider. If not might be worth creating one instead of hacking a unsuited protocol. Might look into that if the pressing refactoring stuff is done (or I'm bored of it :P). Shouldn't stop anyone from trying earlier.

Interesting! I just finished reading a basic comparison between OpenID and oAuth, what benefits does OpenID provide that oAuth falls behind on?

Also relevant: I've found a gem for adding Persona login to Rails apps. If we want Persona on pods for just user login, this might provide something interesting: https://github.com/bobjflong/persona_on_rails

It looks like it actually might be fairly trivial to implement. Might merit some experimentation?

Uhm did you read everything? Steven already linked Dennis devise strategy ;)

Back to OpenID vs oAuth: OpenID is as said decentralized. oAuth requires the clients to have some key and secret beforehand therefore we would need to hack the oAuth flow (what we did for a while but DInc removed that again) to allow automatic client registration. Requiring the client developers to register at every possible pod and every new pod popping up is… highly unrealistic.

Was much farther down in the conversation; admittedly I missed it on mobile. ;) I'll check it out.

As for the problem of having to register every possible pod: totally makes sense. That would be a nightmare to deal with, at least without that hacked flow.

Apparently, we got rid of the oauth_provider gem due to circular dependencies. Either way, we can agree that a better implementation than a hackified oAuth is needed in the long run.

"I think it'd be really interesting if we could modify Persona for, say, decentralized app authentication"

No need to modify Persona : it just links your browser with your email, so in every website which support it, you are logged.

The best way to do it is to transform the pod in a Mozilla Persona Provider : The pod will certify the authentication, and a diaspora handle will become an Internet identity. So an inscription on Diaspora will be enough to use the system (no need to register to anything with Mozilla). Moreover, a diasporan will be able to connect on each site allowing to connect using Persona (like diaspora-project, but why not Loom.io, and others !) without registering !!