For the past two months we have all been working under some form of quarantine in one part of the world or another. I am in Raleigh North Carolina trying to put the finishing touches of this first version of CosyncJWT, Tola is in Phnom Penh Cambodia implementing the Node.JS server piece and the Angular JS front end to the CosyncJWT portal. Mary Hermant was in Barbados with her parents trying to coordinate the marketing efforts after a frantic escape from NYC a month ago. Now she is in Toronto under even stricter quarantine measures. Fred Davidson is literally two miles down the road from me, but we have not been able to see ourselves in person in over two months. For a project that purports to solve the remote working problem of authentication for real time collaboration software designed around MongoDB Realm, the entire implementation has been done remotely. I do not think that this would have been possible without Skype’s video conferencing and screen sharing capabilities. Ironically, I have discovered that it is easier to work with someone with a twelve hour time difference with South East Asia, as opposed to a six hour time difference with Europe. The key to making this possible is rigorous punctuality when it comes to meeting times.
As with any project, the last five percent seemed to have taken about thirty percent of the effort. Getting all of the supporting documentation out was almost as difficult as the implementation itself.
Features there were delayed
In the interest of getting this project out the door, we decided to postpone the implementation of phone number handles in favor of a first version that only supported emails. We do plan on releasing this feature over the next few months, but there were just too many subtleties that had to be addressed to support them in a complete manner. Currently, the only handle type supported by CosyncJWT is an email handle.
At this point, there are really two key features that are under consideration for the next version. The first is the ability to offload storage of the private key onto the developer. Currently, the CosyncJWT service stores the private key associated with the JWT RSA public/private key encryption used to encrypt the JWT tokens. We do however store the private key in an encrypted manner within the MongoDB database used by our server. We realize that some developers may have additional security requirements that would not allow us to store their private keys. To address this issue, we plan to implement an API encryption service that the developer can implement in Azure on their side and provide a REST callback to the CosyncJWT service that performs the actual private key encryption. In this new scenario, the CosyncJWT would not hold the private key, rather the developer would hold the private key, but simply provide encryption services to CosyncJWT service. Expect this feature within the upcoming months.
The only other feature we are considering right now is a self hosted version of the CosyncJWT service that would be licensed to run on the developer’s servers, independent of CosyncJWT.
If there are any other features that you would need, please let us know.