PyBrowserID

BrowserID is use to power the Mozilla Persona service and is considered one of the most secure and promising authentication systems around.

The PyBrowserID library was developed to allow Python applications to authenticate their users against the BrowserID protocol.

The library is an abstraction layer for the BrowserID protocol, dealing with all authentication procedures automatically and sending the results to the developer in usable form.

What is new in this release:

• Fixed data-decoding bug in fallback crypto routines.

What is new in version 0.7.0:

• Added a pure-python implementation of the JWT crypto routines, for use when M2Crypto is not available.
• Added "from_pem_data" and "to_pem_data" methods to Key objects. Currently these are only available when M2Crypto is installed.
• Added support for delegation of authority; thanks @kylef.
• Use https://verifier.login.persona.org/verify for remote verification

What is new in version 0.6.2:

• Added persona.org and related sites to the list of default trusted secondaries.

What is new in version 0.6.1:

• Disable certificate chaining for now. This feature is not used by any servers in the wild, and the spec for it is going to change soon.

What is new in version 0.6.0:

• Remove ability to use a custom JWT parser class, it's not used and adds needless complexity.
• Added a way to skip the SSL verification when getting certificates with the CertificateManager.

What is new in version 0.5.0:

• Added support of requests rather than custom code for ssl checking when retrieving certificates.
• Removed patch utility for secure_urlopen (we are now using requests).
• Added more verbose errors when dealing with RSA/DSA Keys.

What is new in version 0.4.0:

• Renamed from PyVEP to PyBrowserID, in keeping with Mozilla branding.
• Audience checking now accepts glob-style patterns as well as fixed audience strings.
• Verifier objects now accept a list of audience patterns as their first argument. This is designed to encourage doing the right thing rather than, say, passing in the hostname from the request.
• Allowed LocalVerifier to use of a custom JWT parser.
• Removed browserid.verify_[remote|local|dummy] since they just cause confusion. You should either accept the defaults provided by the browserid.verify function, or use a full-blown Verifier object.
• Split certificate loading and caching into a separate class, in browserid.certificates:CertificatesManager.
• Removed the DummyVerifier class in favour of supporting functions in browserid.tests.support.