注意: 不是所有的浏览器都支持这项功能. 使用 Persona 的网站必须在他们的页面中包含 polyfill library .


This function registers callbacks that respond to a Persona user logging in or out.

  loggedInUser: '',
  onlogin: function(assertion) {
    // A user has logged in! Here you need to:
    // 1. Send the assertion to your backend for verification and to create a session.
    // 2. Update your UI.
  onlogout: function() {
    // A user has logged out! Here you need to:
    // Tear down the user's session by redirecting the user or making a call to your backend.


loggedInUser 可选
NOTE: This parameter was renamed from loggedInEmail in early September. Both names will continue to work for the time being, but code should be changed to use loggedInUser instead.
The email address of the currently logged in user. This should be a string containing the user's email address if the website believes that a user is currently logged in, or null otherwise. If the website is unsure, this should be set to undefined or omitted.
Persona compares its knowledge of the local user to the value of loggedInUser to determine which callback—onlogin, onlogout, or none at all—to automatically invoke when your page loads. If loggedInUser is undefined or omitted, Persona will invoke either onlogin or onlogout, depending on whether or not a local user should be logged in to your site. These callbacks are not invoked automatically if both BrowserID and loggedInUser agree on the local user's state.
Note that Persona may automatically call either onlogin or onlogout when your page loads, but not both. If loggedInUser is set to, but Persona believes should be logged in, only onlogin will be called. It will have an assertion for as its first parameter.
A function which will be invoked and passed a single argument, an assertion, when the user logs in. This function should send the assertion to the site's backend for verification. If verification succeeds, the backend should establish a session for the user and the function should update the UI as appropriate.
A function that will be invoked, without any arguments, when the user logs out. This should tear down the user's session by making a call to the site's backend, or by redirecting the user.