CosyncJWT

Summary

CosyncJWT is an authentication provider for developers building applications on top of MongoDB Realm. It is based on JSON Web Tokens (JWT), an industry-standard method (RFC 7519) for representing claims between two parties. CosyncJWT provides secure user authentication and identity management through an RSA public/private key protocol, which it manages on behalf of the developer.

JWT authentication is based on public/private key cryptography. The CosyncJWT provider generates and signs JWT authorization tokens using a private key that is known only to the developer. The MongoDB Realm database stores the public key to verify the integrity of the JWT authorization token. In addition to generating JWT authorization tokens, the CosyncJWT provider also performs other authentication services such as user registration, two-factor verification, user management, signup, and invitation functions.

The purpose of a CosyncJWT authentication system is to handle routine user authentication and onboarding functions on behalf of a MongoDB Realm application. It also provides a trusted hub for managing the application users and for analyzing signup and invitation flows. Since JWT tokens are signed with an RSA private key and verified with the matching public key, it would be extremely difficult to mount a man-in-the-middle attack between the CosyncJWT authentication provider and the MongoDB Realm application that depends on it.

MongoDB recommends JWT authentication as the preferred method for authenticating users into a Realm Platform application. CosyncJWT is a simple service intended to save developers time in implementing this functionality.

Terms and Definitions

The CosyncJWT provider is primarily oriented to serving developers, by implementing a robust and secure JWT authentication mechanism for their applications. The service has two components:

  1. Cosync portal website
  2. Cosync REST Service for MongoDB Realm applications

In order to use the service, a developer must register an account through the Cosync Portal website.

The primary purpose of the Cosync Portal website is to manage user authentication and authorization on behalf of MongoDB Realm applications, along with managing access to the Cosync Storage module. The Cosync Portal provides functionality for a developer to manage application users through a coherent web interface.

The Cosync REST Service provides a runtime service through which a MongoDB Realm desktop/mobile application can perform user authentication.

Authentication