Announcing OmniAuth BrowserID

By Michael Bleigh December 21, 2011 in announcements, open source, omniauth, browserid

I've been following the progress of Mozilla's BrowserID for some time now, and I'm a big fan. Having dived much deeper than most into the quagmire of fragmented authentication, I've reached the same conclusion that Mozilla has: ultimately, authentication is a function that should belong to the user agent.

What is BrowserID?

BrowserID is a single sign-on service for the web, much like the ones you can implement using OpenID or even Facebook or Twitter. However, BrowserID is fantastic for its simplicity: as an implementation of a simple "verified email" protocol, it is just a way to obtain a user's email address (and know that it's verified).

For now, this works via a JavaScript authentication flow on a website that Mozilla is maintaining. However, the future of this technology is that you would verify your email directly within your browser and would then be able to sign in to supported websites using your browser itself.

But, you ask, why do we want authentication in the browser? Browsers are called User Agents for a reason: they are simply tools that help connect you to the content of the internet that interests you. And a lot of that content right now requires you to manage dozens of different passwords and store sensitive login information with a third party. BrowserID doesn't entirely solve this problem in its nascent web-based form, but once it is integrated into the browser itself BrowserID becomes a single, secure way to access content on the internet.

BrowserID + OmniAuth

I want BrowserID to succeed, and it will only succeed if people start using it. To that end, I've created OmniAuth BrowserID, a simple OmniAuth strategy that works with the BrowserID protocol. You can use it in your application like this:

# in Gemfile
gem 'omniauth-browserid'

# in application
use OmniAuth::Builder do
  provider :browser_id
end

That's it! Now send your users to /auth/browser_id and they will be able to sign in using the BrowserID service. Of course, you may prefer to implement your own JavaScript flow. That's fine, too; just take a look at the project README for more information about customizing the flow.

BrowserID is an important idea, and whether or not Mozilla's implementation is ultimately the one that gets adopted, it's high time we started moving authentication to where it belongs: in the user agent.

Michael Bleigh

Michael has been with Intridea since 2007 and works to build Intridea's portfolio of products. With many years of experience working as both a designer and a developer, Michael specializes in helping to bridge the gap between the back-end development and the front-end design of a project. Michael is a prolific member of the Ruby on Rails community, having released popular open source libraries such as OmniAuth and spoken at conferences including RailsConf and RubyConf.
