- add activeDuration with default to 5 minutes
- add checking for native Proxy before using node-proxy
- add cookie.ephemeral option, default false
- add constant-time check
- adds self-aware check. wont override req.session if already exists
- fix wrong handled of utf8 replacement character
- fix http expiry of cookie to match duration
- fix updating cookie expiry whenever duration/createdAt changes
Gmail Bridge for Persona
Since shifting to the Identity team last year, I’ve been working hard on making Persona a true solution to the login problem of the web. As I said then:
If we do our job right, eventually when my friends ask me what I do, I can say: I helped make it so you no longer need to use passwords everywhere. I helped make your online identity more secure. I helped make signing into the Internet awesomer.
We’re getting closer.
What is the Gmail Bridge?
Today, we’re announcing to the world that our Gmail Identity Bridge is online. Excuse me. What? No, I’m fine. It’s alright, it’s actually quite simple.
The way Persona normally works, after checking to see if your email provider natively supports the protocol, is that Persona will fallback to what we call a secondary provider. This is the point where most users end up creating a password for Persona, and then going to their email to verify to us that they really own their email address. If the email provider did support the protocol, they would get sent over to them to authenticate, and we’d step out of the way.
So, we made an Identity Bridge that we host, and uses Google’s OpenID endpoint to verify the user. The experience is pretty much exactly what it should feel like if there was native support from Google.
Why this matters
With both Gmail and Yahoo bridges online, over half of all users are just a couple clicks away from logging in with Persona.
So how does this affect you? If you have a website that has user accounts, you can switch to using Persona as your authentication system. In most cases, it should be a better experience for your users, and easier for you.
If you don’t have a website, you can still help. Find a website you log in to frequently, and ask them to implement Persona. Tell them about this new bridging. Push for the change.
Soon, everyone will notice: we made signing into the Internet awesomer.
What we know for sure is this: monocultures always make more & faster progress in the near term when they’re stewarded by strong, vibrant leaders. But over time you get stuck. Companies change, sensibilities change. And then you’ve got all the technology, and all talent, and all of the best thinkers, all trapped on one technology stack.—John Lilly on everyone switching to WebKit