This repository has been archived by the owner on May 10, 2019. It is now read-only.

Verifying assertions on a client-side application #4222

Open
lewisl9029 opened this issue May 11, 2015 · 0 comments

I'm exploring implementing Persona logins for a purely client-side application, and am getting blocked by the lack of CORS support on the https://verifier.login.persona.org/verify endpoint.

I found this old issue describing your rationale for removing CORS support: #767

These issues don't really apply to my application though because all user data is encrypted with a separate user-defined password that has nothing to do with Persona, so intercepting the assertions alone won't get an attacker anywhere.

I'm mostly looking to use Persona to provide users a familiar email-based login experience and email verification process for a client-side application that won't have any other means to verify emails (so I can make use of the email as a unique user identifier inside the application).

I'm assuming there are no plans to re-enable CORS support anytime soon? If so, do I have any other options besides running a server just to proxy requests to the /verify endpoint?
