Setting up a MongoDB Realm Application for JWT authentication/authorization using CosyncJWT is very easy.
In a first step, the developer must create an application in the applications section of the Cosync Portal website. When so doing, the developer must turn on the JWT ENABLE ON switch.
This developer can also set this toggle from the Settings tab within the Application Detail. For JWT enabled applications, the Cosync Portal will present a number of additional tabs within the Application Detail to control JWT specific settings. These tabs include:
- JWT
- JWT Users
- Keys
- Email Templates
The JWT tab provides most of the settings that are JWT specific including two-factor verification, application invites, application signup flow, meta-data format, and password filtering. The JWT Users tab presents an admin control panel for managing all users who have onboarded into the JWT enable application. The Keys tab presents both the Realm Public Key and the App Token. The Realm Public Key is the public variant of the RSA public/private key pair that is used to encrypt JWT tokens for the authentication process. The public key is set within the MongoDB Realm Application portal as the signing key as described in the MongoDB Documention. The App Token is what enables the developer to call the Cosync REST API Service from a client device to actually perform the JWT authentication on behalf a user.
The Email Template tab presents a number of panels used to customize the look and branding associated with emails and text messages sent out by the CosyncJWT authentication service to client application users.