I'm fairly new to pyramid and mozilla persona and I would greatly appreciate some assistance with a problem I'm having. Following the pyramid_persona documentation, I did manage to get persona working (or so I thought). I then tried customizing my login process as discussed on
https://pyramid_persona.readthedocs.org/en/latest/customization.html.
In the customized login example given, the login function redirects to '/' if the verified email is not on the whitelist. I'm redirecting to a loggedout view that calls navigator.id.logout() inside $(document).ready. According to
https://developer.mozilla.org/en-US/docs/Mozilla/Persona/The_implementor_s_guide/Call_logout%28%29_after_a_failed_login?redirectlocale=en-US&redirectslug=Persona%2FThe_implementor_s_guide%2FCall_logout%28%29_after_a_failed_login, you must call navigator.id.logout() on a failed login to avoid an endless loop of failed login attempts.
The documentation on
https://developer.mozilla.org/en-US/docs/DOM/navigator.id.logout further states: "This function does not make the browser clear the user's certificate and signing key. So after calling
logout(),
a new login attempt may or may not ask the user for a new password,
depending on the freshness of the certificate their identity provider
gave them.
However, it will certainly prompt the user to select an email
address and confirm that they want to sign in." I'm not seeing the behavior where the user is prompted to select an email address and confirm they want to sign in.
After logging out via the pyramid_persona logout button or as a result of using an email address not on my whitelist (both paths do call navigator.id.logout), if I attempt to go to one of the application's urls which require permissions, I'm redirected to the forbidden view (with the mozilla persona login button). This redirection is expected behavior, but it then immediately executes the login sequence without hitting the mozilla persona login button. To prevent the auto-relogin behavior, I also have to go to
https://login.persona.org and click the "Sign Out" button after logging out of the application. I get this auto-relogin behavior whether I use my customized login view or the one provided by pyramid_persona.
I'm sure I'm doing something wrong and I would appreciate some pointers on how to correct this issue. I just found these, so maybe it's not me?
https://github.com/mozilla/browserid/issues/3386https://github.com/mozilla/browserid/pull/3398Thank you in advance for your assistance,
Peter