The implementor's guide

On November 30th, 2016, Mozilla shut down the persona.org services. Persona.org and related domains will soon be taken offline.

For more information, see this guide to migrating your site away from Persona:

https://wiki.mozilla.org/Identity/Persona_Shutdown_Guidelines_for_Reliers

The Quick setup guide should be enough to get you started, but when building a full production site you'll probably need features that aren't covered in that guide. In this page we've collected features that are commonly needed by sign-in systems, and explained the best-practice way to implement them with Persona.

Call logout() after a failed login: Always call logout() if you reject an assertion, to avoid a mismatch between your idea of the current user and Persona's idea, which can lead to an endless loop of failed logins.

Adding extra email addresses with Persona: How to let your users add secondary email addresses using Persona.

Enabling users to change their email address: How to let your users change their email address using Persona.

Problems integrating with CSRF protection: A problem caused by the interaction between a common mechanism for CSRF (Cross Site Request Forgery) protection and Persona's Observer API.

Supporting users who don't have JavaScript: Persona requires JavaScript. This page has some tips for supporting users who have JavaScript disabled.

Call request() or get() only from a key handler or in response to a keypress: Because Persona uses popup windows, you must call request() or get() only in response to a click or a key press, not some other event.

Testing your system: Some pointers for simulating users logging in and out of your website.