Meteor 0.5.0: authentication, user accounts, new screencast

For the past six months we’ve been hard at work on an authentication and user accounts system for Meteor. Today is the day that it all comes together. Meteor 0.5.0, available today, allows you to write secure realtime client-server applications in pure JavaScript. It’s the only system of its kind in the world.

Meteor 0.5.0: authentication, user accounts, new screencast

We’re also releasing a new screencast that shows off what it’s like to develop with these powerful new tools. If you liked the first Meteor screencast you should definitely check this one out. We hope you’ll share it with your friends and coworkers too. If you are looking for Web development company  visit Vivid Designs

We are thankful for the immense amount of support that we received in putting together this release — from those of you on meteor-core and meteor-talk, from those of you who are already using Meteor in commercial environments or making money from Meteor consulting, from everyone who sent pull requests, from those of you that have been giving awesome conference talks and religiously answering questions on Stack Overflow and Quora. Without this support there would be no Meteor. In fact, 0.5.0 contains more community patches than every previous Meteor release combined.

Today’s release includes everything necessary to build and deploy secure applications using Meteor:

• New authentication APIs on the server: a Meteor.allow API that controls which data a Meteor client is allowed to change in the database, and hooks that give the Meteor server control over what data it sends to each client. These core APIs operate at the wire protocol layer, so they establish a strong foundation for security.
• Meteor Accounts, a state-of-the-art user account system built on top of the core Meteor authentication APIs. Accounts provides a set of high-level APIs to manage user accounts, which are stored in the Meteor.users collection. If you are looking for Web development company in Chennai visit Vivid Designs
• Support for the Secure Remote Password protocol. Developed at Stanford, SRP lets a user securely log in to a server without ever sending that server their unencrypted password. The kind of high-profile security breaches at LinkedIn and Pandora earlier this year are impossible with SRP. Instead of asking every application developer to safely store passwords, we’ve baked the very best technology right into Meteor Accounts.
• Smart packages for major OAuth login services, including Google, Facebook, Twitter, GitHub, and Weibo. Packages for additional providers are also available on Atmosphere, a repository for community packages.
• Accounts UI, a set of login, signup, and password reset forms that drop right into an application with one line of code. Accounts UI also provides configuration wizards for each of the OAuth login packages.

All the parts of Meteor work together. Subscriptions automatically rerun when the current user changes, so it’s very easy to publish more documents or extra document fields to authenticated users. The UI widgets automatically reconfigure themselves as you add new login services. Password-based accounts include a password recovery link, and if you deploy to our servers withmeteor deploy there’s absolutely no configuration required to send the reset email. Thescreencast demonstrates each of these, so we hope you’ll take a moment to watch.

Meteor 0.5.0 is a release of the Meteor Framework, a popular full-stack JavaScript framework used for building web and mobile applications in real-time. Meteor simplifies development by providing an integrated environment for building applications with a powerful set of tools.

The Meteor 0.5.0 release introduced several key improvements, especially around authentication, user accounts, and new screencasts to help developers better understand how to use the framework.

Here’s a breakdown of the key features in Meteor 0.5.0:

1. Authentication System

Meteor has a built-in authentication system that simplifies the process of adding user accounts and managing user sessions. In Meteor 0.5.0, the authentication system was enhanced with new functionality:

• Email and Password Authentication: You can now easily implement email/password-based authentication with built-in support.

• Custom Authentication Methods: It’s now possible to add custom authentication strategies, such as third-party OAuth (Google, Facebook, Twitter) or even custom JWT-based systems.

• Password Hashing and Salting: Meteor ensures that passwords are securely stored by hashing and salting them, following best practices in security.

• User Management API: The framework provides APIs for managing users (creating, logging in, updating profiles, etc.) and session management.

• Auto-login: With the Accounts package, Meteor ensures that users stay logged in between sessions, saving time and enhancing the user experience.

Key Features of Meteor Authentication:

• Automatic Session Management: Meteor automatically manages login sessions, making it easy to handle user states.

• Built-in Validation: You get built-in validation for email formats, password strength, and duplicate email addresses.

• Customizable UI: You can customize the login forms and the account management UI according to the app’s needs.

• Forgot Password Flow: Integrated password reset system, complete with secure email verification.

2. User Accounts

The User Accounts package is an important feature in Meteor, allowing developers to quickly integrate user authentication and account management features into their applications. In Meteor 0.5.0, User Accounts was expanded to include:

• Account Management: You can now manage users (create accounts, log in, reset passwords, etc.) with minimal effort.

• User Profile Management: Allows users to update their profile information such as name, email, password, and other custom fields.

• User Roles and Permissions: Meteor’s authentication system now supports user roles, so you can define different permissions for different types of users.

• Social Logins: With OAuth support, users can sign up or log in using their social media accounts (Google, Facebook, Twitter, etc.).

3. New Screencast

Meteor 0.5.0 also introduced new screencasts to help developers understand and leverage the updated features. These screencasts serve as visual tutorials for developers, guiding them through various aspects of the Meteor framework.

• Screencast on Authentication: A step-by-step video showing how to implement authentication in a Meteor application, including email/password login, third-party OAuth, and managing user accounts.

• User Accounts Screencast: A screencast focused on managing user data, integrating profiles, roles, permissions, and how to securely handle account-related tasks.

• Meteor Basics: A new introduction screencast aimed at beginners, covering the fundamentals of the Meteor framework.

• Advanced Meteor Concepts: For intermediate and advanced developers, this screencast dives deep into topics like security, data synchronization, and real-time updates.

4. Integration with Third-Party Authentication

Meteor 0.5.0’s authentication system integrates well with third-party authentication services. Some of the built-in services supported include:

• Google OAuth: Allow users to log in with their Google account.

• Facebook Login: Users can sign in via their Facebook credentials.

• Twitter Login: Twitter OAuth integration is now supported.

• GitHub Login: For developers who want to authenticate via GitHub.

This feature makes it easier to provide a seamless authentication experience for users, reducing the friction of creating new accounts or remembering login details.

5. Security Enhancements

With the introduction of the authentication system, Meteor 0.5.0 also focused on improving the security of user data:

• Password Hashing: Meteor uses industry-standard methods like bcrypt to hash and salt passwords securely.

• Email Verification: Support for email verification after user registration helps ensure that email addresses are legitimate.

• Cross-Site Request Forgery (CSRF) Protection: Built-in protections are available to prevent CSRF attacks.

6. Overall Improvements in Meteor 0.5.0

In addition to authentication and user account improvements, Meteor 0.5.0 includes several other updates that improve the overall performance and developer experience:

• Reactive Data: Continued focus on reactive programming that automatically updates the UI based on changes in the underlying data.

• Real-time Capabilities: Meteor’s built-in publish and subscribe functionality makes it easy to create real-time applications with minimal effort.

• Simplified Deployment: With the introduction of tools like Meteor Galaxy (the Meteor-specific hosting platform), deployment has become more streamlined and straightforward.

• Performance Enhancements: Several optimizations to improve the speed and responsiveness of apps.

Conclusion

Meteor 0.5.0 is a significant update, especially for developers focusing on building applications with user accounts and authentication. The new features make it much easier to implement secure login systems, integrate third-party authentication, and manage users. With the introduction of new screencasts, developers can quickly get up to speed with the latest features, while security and performance improvements ensure that Meteor remains a solid choice for real-time web and mobile applications.

If you’re building a full-stack JavaScript app and need a quick way to integrate user accounts, authentication, and real-time data, Meteor 0.5.0 makes this process smooth and easy.