Blog for CosyncJWT
September 24, 2020
Today we are hosting an online event demonstrating the capabilities of CosyncJWT. This talk will be held on Meetup.com
September 2, 2020
The new MongoDB Realm was releases on June 9, 2020 at MongoDB World. This new product replaces the older Realm Cloud service that dates back to before the acquisition of Realm by MongoDB. In essence, the entire backend for Realm Cloud has now been replaced by the MongoDB Atlas tool set. The new product has preserved the front-end API to Realm Cloud for the most part, but there are some significant conceptual differences with the old product — specifically with the security model and backend processing. Also, the new MongoDB Realm product is still in Beta; some features have yet to be delivered and the documentation is still somewhat rough around the edges, as compared to the documentation for Realm Cloud. Overall, the upgrade is positive and addresses a number of issues with the old product.
It took our engineering about two months to fully understand the new product and the changes that would be required to update the CosyncJWT service. There are a number of significant changes to the way JWT tokens are process by new MongoDB Realm, specifically
MongoDB Realm no longer has the concept of an admin privilege user. Rather this is replaced by a server side user with full super user privileges that executes the new backend server functions hosted by Realm.
MongoDB Realm has added support for structured user meta data that is bundled in the JWT token itself. This metadata can be set by the JWT authentication provider and is available to the backend server functions.
MongoDB Realm now provides admin functions to automatically provision the JWT authentication provider of a MongoDB Realm application from a third party service.
After analyzing the new functionality provided by MongoDB Realm, we made the decision to upgrade the CosyncJWT service to fully embrace its new functionality. As usual, what we thought would be a matter of weeks turned into a multiple month long exercise.
April 27, 2020
For the past two months we have all been working under some form of quarantine in one part of the world or another. I am in Raleigh North Carolina trying to put the finishing touches of this first version of CosyncJWT, Tola is in Phnom Penh Cambodia implementing the Node.JS server piece and the Angular JS front end to the CosyncJWT portal. Mary Hermant was in Barbados with her parents trying to coordinate the marketing efforts after a frantic escape from NYC a month ago. Now she is in Toronto under even stricter quarantine measures. Fred Davidson is literally two miles down the road from me, but we have not been able to see ourselves in person in over two months. For a project that purports to solve the remote working problem of authentication for real time collaboration software designed around MongoDB Realm, the entire implementation has been done remotely. I do not think that this would have been possible without Skype’s video conferencing and screen sharing capabilities. Ironically, I have discovered that it is easier to work with someone with a twelve hour time difference with South East Asia, as opposed to a six hour time difference with Europe. The key to making this possible is rigorous punctuality when it comes to meeting times.
As with any project, the last five percent seemed to have taken about thirty percent of the effort. Getting all of the supporting documentation out was almost as difficult as the implementation itself.
In the interest of getting this project out the door, we decided to postpone the implementation of phone number handles in favor of a first version that only supported emails. We do plan on releasing this feature over the next few months, but there were just too many subtleties that had to be addressed to support them in a complete manner. Currently, the only handle type supported by CosyncJWT is an email handle.
The only other feature we are considering right now is a self hosted version of the CosyncJWT service that would be licensed to run on the developer’s servers, independent of CosyncJWT.
If there are any other features that you would need, please let us know.