In association with heise online

18 October 2012, 10:31

Meteor JavaScript framework gets authentication

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Meteor logo The developers of the auto-synchronising JavaScript-based web application framework, Meteor, have announced the availability of version 0.5.0. The headline feature of 0.5.0 is the promised native authentication and user account support built into the platform.

Meteor impressed developers when it launched in April 2012 with its unified client/server approach that allowed a coder to create an editable form and see it automatically update on another screen viewing the same form. Developers can also update the database and see the updates on all the clients, all without any extra code. The collaboration potential of the framework, created by a team that included the author of EtherPad who went on to work on Google's Wave, was viewed as very high, but developers had to come up with their own authentication and user management schemes and work out how to control what those users saw. The developers had promised, and have been working on, a solution to the authentication issue since the launch of Meteor.

Version 0.5.0 of Meteor should see the end of those problems. It adds a new authentication API that controls what data a Meteor client can see and hooks for servers to control what data they send; the API works at the wire protocol level so should offer a solid foundation for future security work. For managing users, the Meteor developers have added Accounts.api, which supports not only locally defined users but also logins provided by Facebook, Github, Google, Twitter or Weibo. Other OAuth login services can also be supported.

To handle the user accounts frontend, a set of login, sign up and password reset forms can also be included "with one line of code". Passwords in Meteor are handled with Secure Remote Password protocol, which ensures that the user's password is not sent unencrypted to the server and is resistant to a number of attack methods. A screencast from the developers shows how the new tools can be used to secure an application.

The developers noted that this release of Meteor includes more community patches than all the previous Meteor releases combined, which seems to indicate that Meteor is maturing both its code and community well. Meteor 0.5.0 is available for installation, and the project's source code is available on Github. Meteor is distributed under an MIT licence.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit