I recently knocked up a site for internal use at an organisation. I didn’t want to spend a lot of time coming up with a user system – the app is based on Flask so I’d have had to find something to manage users, and then handle password resets, and it’s all just too awful to contemplate.
Having seen a bit about Mozilla’s “Persona” federated authentication (for some reason, confusingly sharing a name with their theme system for Firefox) on LWN, I followed the quick setup, set up flask-browserid and a tiny bit of infrastructure to maintain a list of email addresses with access. It took a couple of hours to get going, and another hour to debug a mysterious IE bug – not bad.
The really impressive bit is how it’s worked for the people using the application. I’ve got over fifty people using it, of various levels of computer skill, and I’ve had almost no support burden. I circulated a small document showing people how to get started, but that’s it.
Although Persona is federated, almost everyone is using the fall-back mode where Mozilla certify the identity. In that mode Mozilla let the person set a password, send an email to the person, they click to confirm ownership of the email address, and then (impressively) the login continues the second they click the link.
That fallback mode, and the fact that the system works around email addresses – which people understand – rather than URIs – which people don’t – is no doubt why I’ve found it so successful.
Anyway, it’s worked well. I’d definitely recommend it over coming up with your own user management infrastructure.