EyeDee.Me is an example Indentity Provider for the BrowserID protocol. This protocol is used by Mozilla Persona to authenticate users across the web.
EyeDee.Me styles itself like an email provider, but does not actually handle any email. Rather, it exists solely as an example for how services, such as email providers, can provide first-class support for BrowserID.
EyeDee.Me requires Node.js, npm, a MySQL database, and a webserver acting as a reverse proxy / SSL terminator. Once those are in place:
-
Clone this repository.
-
Execute
npm install
in the root of your clone to get all of the necessary Node libraries. -
Generate a signing keypair by launching
node
and running:jwk = require("jwcrypto/jwk"); keypair = jwk.KeyPair.generate('RS', 128); console.log(keypair.publicKey.serialize()); console.log(keypair.secretKey.serialize());
-
Store the keys somewhere safe.
-
Create a MySQL user and database:
$ mysql -uroot -p > CREATE USER 'eyedeeme'@'localhost'; > CREATE DATABASE eyedeeme; > GRANT ALL ON eyedeeme.* TO 'eyedeeme'@'localhost'; > FLUSH PRIVILEGES;
You must set four environment variables before EyeDee.Me will function:
-
PUBLIC_KEY
: The public key, as printed by the script above. Default: Ephemeral key, generated at runtime. -
PRIVATE_KEY
: The secret key, as printed by the script above. Default: Ephemeral key, generated at runtime. -
MYSQL_URL
: A connection string for your MySQL database, in the formmysql://user:pass@host:port/dbname
. Default:mysql://[email protected]:3306/eyedeeme
-
PORT
: A port for EyeDee.Me to listen on. Default: random.
Once those are available, you can run EyeDee.me with ./bin/eyedeeme
or
npm start
.
Because the BrowserID protocol requires SSL on connections to Identity Providers, you must also configure a reverse proxy or SSL teminator to accept HTTPS connections and forward them to a running EyeDee.Me instance, such as the one on the port defined above. Otherwise, your users will not be forwarded to your Identity Provider for authentication when logging in to sites with Persona.