Adding extra email addresses with Persona

  • Revision slug: Mozilla/Persona/The_implementor_s_guide/Adding_extra_email_addresses_with_Persona
  • Revision title: Adding extra email addresses with Persona
  • Revision id: 396615
  • Created:
  • Creator: Sheppy
  • Is current revision? Yes
  • Comment Moved From Persona/The_implementor_s_guide/Adding_extra_email_addresses_with_Persona to Mozilla/Persona/The_implementor_s_guide/Adding_extra_email_addresses_with_Persona

Revision Content

It's a good idea to allow your users to add extra email addresses to their account. This enables users to change their email addresses, and to access their account with you even if they are unable to access their primary email account.

You'll need to verify the extra address. You can do this manually, by sending an email to the new address containing a verification link, or by using Persona itself.

If you use Persona to add email addresses, then you need to be aware of a couple of things: make the context of the request clear, and update the value you pass into loggedInUser to ensure that the transaction isn't broken by Persona's session management.

Clarify the context of the request

When you request a new assertion using with either the old {{ domxref("navigator.id.get()")}} API or the {{ domxref("navigator.id.request()")}} API, Persona expects that the user is trying to sign into a website, and the user interface it displays reflects that. If you are using Persona just to get a new verified email address, your site needs to make this clear to users, so they are not confused by the Persona dialog.

Update loggedInUser

If you're using the {{ domxref("navigator.id.get()")}} API in the rest of your site, then you can just make a new {{ domxref("navigator.id.get()")}} call to get the extra email address.

But if you use {{ domxref("navigator.id.request()")}}, then you must also use {{ domxref("navigator.id.request()")}} to get the extra email address. In this case, when you have verified the assertion inside your onlogin handler, you must update the loggedInUser argument to {{ domxref("navigator.id.watch()")}} with the new email address.

If you don't do this, then there will be a mismatch: Persona will think the logged in user is new_emailaddress@example.org, but your website will be telling it that the logged in user is old_emailaddress@example.org. In response, Persona will fire onlogin with an assertion for new_emailaddress@example.org, which your website will probably interpret as a new user signing up.

Revision Source

<p>It's a good idea to allow your users to add extra email addresses to their account. This enables users to <a href="/Persona/The_implementor_s_guide/Enabling_users_to_change_their_email_address">change their email addresses</a>, and to access their account with you even if they are unable to access their primary email account.</p>
<p>You'll need to verify the extra address. You can do this manually, by sending an email to the new address containing a verification link, or by using Persona itself.</p>
<p>If you use Persona to add email addresses, then you need to be aware of a couple of things: make the context of the request clear, and update the value you pass into <code>loggedInUser</code> to ensure that the transaction isn't broken by Persona's session management.</p>
<h3 id="Clarify_the_context_of_the_request">Clarify the context of the request</h3>
<p>When you request a new assertion using with either the old {{ domxref("navigator.id.get()")}} API or the {{ domxref("navigator.id.request()")}} API, Persona expects that the user is trying to sign into a website, and the user interface it displays reflects that. If you are using Persona just to get a new verified email address, your site needs to make this clear to users, so they are not confused by the Persona dialog.</p>
<h3 id="Update_loggedInUser">Update loggedInUser</h3>
<p>If you're using the {{ domxref("navigator.id.get()")}} API in the rest of your site, then you can just make a new {{ domxref("navigator.id.get()")}} call to get the extra email address.</p>
<p>But if you use {{ domxref("navigator.id.request()")}}, then you must also use {{ domxref("navigator.id.request()")}} to get the extra email address. In this case, when you have verified the assertion inside your <code>onlogin</code> handler, you must update the <code>loggedInUser</code> argument to {{ domxref("navigator.id.watch()")}} with the new email address.</p>
<p>If you don't do this, then there will be a mismatch: Persona will think the logged in user is <code>new_emailaddress@example.org</code>, but your website will be telling it that the logged in user is <code>old_emailaddress@example.org</code>. In response, Persona will fire <code>onlogin</code> with an assertion for <code>new_emailaddress@example.org</code>, which your website will probably interpret as a new user signing up.</p>
Revert to this revision