
Do let me know via obeythetestinggoat@gmail.com if you feel there are any particular sections where I don’t explain things well, or where I’m going too fast.

Mozilla Persona (BrowserID)

But which federated authentication system to use? OAuth? OpenID? “Login with Facebook”? Ugh. In my book those all have unacceptable creepy overtones; why should Google or Facebook know what sites you’re logging into and when? Thankfully there are still some techno-hippy-idealists out there, and the lovely people at Mozilla have cooked up a privacy-friendly auth mechanism they call “Persona”, or sometimes “BrowserID”.

The theory goes that your web browser acts as a third party between the website that wants to check your ID, and the website that you will use as a guarantor of your ID. The latter may be Google or Facebook or whomever, but a clever protocol means that they never need know which website you were logging into or when.

Ultimately, Persona may never take off as an authentication platform, but the main lessons from the next couple of chapters should be relevant no matter what third-party auth system you want to integrate:

• Don’t test other people’s code or APIs.

• But, test that you’ve integrated them correctly into your own code.

• Check that everything works from the point of view of the user.

• Test that your system degrades gracefully if the third party is down.
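
The lessons above, sketched as an added example (not code from the book or from Persona): a login check that takes the third-party verifier call as an injected dependency, with mock-based checks that the integration sends the right data and denies the login when the verifier refuses, errors, or is down. The endpoint URL, the audience, the `http_post` callable and the reply shape are assumptions made for illustration.

```python
import json
from unittest import mock

VERIFIER_URL = "https://verifier.example/verify"  # hypothetical placeholder endpoint
AUDIENCE = "https://lists.example"  # hypothetical: our own site, fixed server-side


def authenticate(assertion, http_post):
    """Return the verified email, or None. Every failure path denies the login."""
    try:
        # http_post(url, data) -> (status_code, body_text); raises OSError when the
        # third party is unreachable. Injected so tests never touch the network.
        status, body = http_post(
            VERIFIER_URL, {"assertion": assertion, "audience": AUDIENCE})
    except OSError:
        return None  # third party down: degrade to "not logged in", don't crash
    if status != 200:
        return None
    try:
        reply = json.loads(body)
    except ValueError:
        return None  # garbage from the verifier is not a successful login
    if not isinstance(reply, dict) or reply.get("status") != "okay":
        return None
    email = reply.get("email")
    return email if isinstance(email, str) and email else None


def check_integration():
    """Exercise our integration only: the verifier itself is replaced by mocks."""
    results = {}
    ok = mock.Mock(return_value=(
        200, json.dumps({"status": "okay", "email": "a@b.example"})))
    results["accepted"] = authenticate("constructed-assertion", ok)
    # We sent the third party the right things, including our fixed audience.
    ok.assert_called_once_with(
        VERIFIER_URL, {"assertion": "constructed-assertion", "audience": AUDIENCE})
    refused = mock.Mock(return_value=(200, json.dumps({"status": "failure"})))
    results["refused"] = authenticate("constructed-assertion", refused)
    down = mock.Mock(side_effect=ConnectionError("verifier unreachable"))
    results["down"] = authenticate("constructed-assertion", down)
    broken = mock.Mock(return_value=(502, "<html>Bad Gateway</html>"))
    results["broken"] = authenticate("constructed-assertion", broken)
    return results


if __name__ == "__main__":
    print(check_integration())
```

The audience is a server-side constant rather than a value read from the request, so a client cannot choose which site an assertion is checked against.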

Exploratory Coding, aka “Spiking”

Before I wrote this chapter all I’d seen of Persona was a talk at PyCon by Dan Callahan, in which he promised it could be implemented in 30 lines of code, and magic’d his way through a demo—in other words, I knew it not at all.

In Chapter 10 and Chapter 11 we saw that you can use a unit test as a way of exploring a new API, but sometimes you just want to hack something together without any tests at all, just to see if it works, to learn it or get a feel for it. That’s absolutely fine. When learning a new tool or exploring a new possible solution, it’s often appropriate to leave the rigorous TDD process to one side, and build a little prototype without tests, or perhaps with very few tests. The goat doesn’t mind looking the other way for a bit.

This kind of prototyping activity is often called a “spike”, for reasons best known.

Chapter 15: User Authentication, Integrating Third-Party Plugins, and Mocking with JavaScript