As AuthRocket 2 is part of our larger Cosmic suite, all new AuthRocket announcements have moved to The Cosmic Herald (Cosmic’s blog).
Today we’re excited to share with you the next generation of AuthRocket.
Two years ago we started asking some big questions: Given everything we’ve learned, how would we build AuthRocket today? What would we keep? What could we do better? What have we learned from years of discussions with customers?
We gave ourselves freedom to rethink things, without boundaries. How could we simplify not just authentication, but ultimately, app development? Could we make all-things-auth nearly invisible for developers?
The result is AuthRocket 2. We’ve changed some things. We’ve kept other things. We’ve even rebuilt some parts completely.
This is actually just the beginning. We have more in mind yet, but we’re excited to share this much with you now, without waiting any longer.
LoginRocket, our hosted logins and signups feature, has been completely rebuilt. It has a fresh look. More significantly, it now provides user profile management, including updating emails and passwords, enrolling in 2FA, refer-a-friend, and more.
Also new is multi-user (team) accounts management, which includes adding and removing team members, sending invitations, and even permissions management. All this is for your users to self-manage. No more need to build your own UI against our API.
Custom domains for LoginRocket now automatically provision TLS/SSL certs via Let’s Encrypt. No need to upload (or pay for) custom certs anymore.
It’s now easier than ever to add your branding to LoginRocket and elsewhere. Upload logos and select colors directly, without messing with CSS or external image hosting.
AuthRocket now supports three different types of invitations:
Prelaunch / closed signups - Not ready to launch publicly yet? Allow visitors to request invitations, and send out those invitations as you’re ready. Or even close signups entirely, but still invite trusted friends and colleagues to try out your app ahead of time.
Refer a friend - Make it easy for users to invite others to sign up for your app, helping spread the word.
Join my account - For multi-user accounts, allow users to invite new members to join their account. Account owners can assign permissions ahead of time, which will be automatically added when the new user accepts the invitation and creates a login.
All of these are built in to LoginRocket, in addition to being available via the AuthRocket API.
When users are members of more than one account, LoginRocket can now help users switch between those accounts. Login tokens will reflect the current account choice, eliminating the need for your app to even know about user-to-account relationships. The API has also been extended to include the same functionality.
Login tokens (which are JWTs) are now OpenID Connect compatible, making it super easy to integrate with OIDC-compatible libraries in your language of choice.
A new JWKS endpoint enables easy retrieval of public login token signing keys, eliminating the need to manage these keys separately. This also makes it easier than ever for SPAs or 3rd parties to validate login tokens without compromising security.
Better still, some of our official libraries now know how to use this new endpoint on their own, making it possible to integrate without worrying about JWT signing keys at all.
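What validating a login token against a JWKS document involves, as an added Ruby example that is not AuthRocket's code or its gem's API. It assumes RS256-signed tokens carrying iss and exp claims; the key id, issuer URL and helper names are made up for illustration, and a locally generated key pair stands in for a fetched JWKS response.

```ruby
require 'openssl'
require 'json'

def b64url_decode(str)
  (str.tr('-_', '+/') + '=' * ((4 - str.length % 4) % 4)).unpack1('m')
end

def b64url_encode(bin)
  [bin].pack('m0').tr('+/', '-_').delete('=')
end

# Build an RSA public key from a JWK's n and e members (PKCS#1 RSAPublicKey DER).
def rsa_key_from_jwk(jwk)
  ints = %w[n e].map { |m| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(b64url_decode(jwk.fetch(m)), 2)) }
  OpenSSL::PKey::RSA.new(OpenSSL::ASN1::Sequence.new(ints).to_der)
end

# Returns the claims hash; raises ArgumentError naming the first failed check
# (a header or payload that is not JSON raises JSON::ParserError instead).
def verify_login_token(token, jwks, issuer:, now: Time.now.to_i)
  parts = token.split('.', -1)
  raise ArgumentError, 'malformed token' unless parts.length == 3
  head_b64, body_b64, sig_b64 = parts
  header = JSON.parse(b64url_decode(head_b64))
  # Pin the algorithm; never let the token header pick it (alg=none, HS256 confusion).
  raise ArgumentError, 'unexpected alg' unless header['alg'] == 'RS256'
  jwk = jwks.fetch('keys').find { |k| k['kty'] == 'RSA' && k['kid'] == header['kid'] }
  raise ArgumentError, 'unknown kid' unless jwk
  signed = "#{head_b64}.#{body_b64}"
  valid = rsa_key_from_jwk(jwk).verify(OpenSSL::Digest.new('SHA256'), b64url_decode(sig_b64), signed)
  raise ArgumentError, 'bad signature' unless valid
  claims = JSON.parse(b64url_decode(body_b64)) # read claims only after the signature checks out
  raise ArgumentError, 'wrong issuer' unless claims['iss'] == issuer
  raise ArgumentError, 'expired' unless claims['exp'].is_a?(Integer) && claims['exp'] > now
  claims
end

# Constructed sample data: a throwaway key pair stands in for the service's signing key,
# and SAMPLE_JWKS has the shape of a JWKS endpoint response for it.
SAMPLE_KEY = OpenSSL::PKey::RSA.new(2048)
SAMPLE_JWKS = { 'keys' => [{ 'kty' => 'RSA', 'kid' => 'sample-1', 'alg' => 'RS256', 'use' => 'sig',
                             'n' => b64url_encode(SAMPLE_KEY.n.to_s(2)),
                             'e' => b64url_encode(SAMPLE_KEY.e.to_s(2)) }] }.freeze

def sample_token(claims, header = { 'alg' => 'RS256', 'kid' => 'sample-1' })
  input = [header, claims].map { |part| b64url_encode(JSON.generate(part)) }.join('.')
  "#{input}.#{b64url_encode(SAMPLE_KEY.sign(OpenSSL::Digest.new('SHA256'), input))}"
end
```

Only the public half of the key appears in the JWKS, which is why a browser app or third party can run these checks without holding any secret.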
Outbound email may now be sent through Mailgun, SendGrid, or your SMTP provider of choice. Login session timeouts are more configurable. We’ve simplified much of the UI.
There are countless other changes that we haven’t covered here. Do let us know if you’re looking for something specific and can’t find it.
AuthRocket 1 customers
If you’re an existing customer, after reading the above you may (quite legitimately) be wondering how this affects your existing account. Does this break things? How long do I have to migrate?
The changes in AuthRocket 2 are far reaching and do break backwards compatibility. Rather than burden you with a forced migration, there’s a better way.
AuthRocket 1 will continue to operate as-is for existing paid customers.
That means everything remains the same—same URLs, same APIs, same features. Nothing to break because your account stays on AR 1.
AuthRocket 1 will continue to receive security updates and bug fixes. As you might guess, there won’t be much in the way of new features though—that’s what AR 2 is for. But, if you’re happy with AR 1, we don’t want to take that away from you.
We’re still working out migration options for those interested in making the jump to AR 2. If that’s something you’d like to do, please contact us.
Please also feel free to sign up for a new AuthRocket 2 trial and kick the tires a bit. It’s a separate login, so it won’t interfere with your existing account at all.
Try it out
That’s AuthRocket 2. It’s our best work ever and we really hope you like it.
Want to try it out? Simply sign up for a new AuthRocket 2 account and give it a spin.
Logins are separate from AR 1, so if you had an AR 1 login, you’ll need a new login for AR 2.
Questions, concerns, or other thoughts? We’d love to hear from you. Give us a shout.
There have been a couple of notable announcements in the world of social auth lately.
First is the shutdown of Google+ for consumers.
While this sounds ominous, logins with Google will still function; they just have to be processed with a different set of APIs. We already made the necessary changes, so by using AuthRocket you’re up-to-date just like that–clever you!
We also updated logos in AuthRocket and LoginRocket to reflect Google’s ‘G’ branding instead of the older ‘g+’ branding. Apart from the logo, these changes should be completely transparent.
Second is LinkedIn’s new v2 API.
This is a more substantial change as LinkedIn is moving to both new APIs and new permissions. As with Google’s changes, we’ve already updated AuthRocket to work with the new APIs and permissions.
Because of LinkedIn’s new permissions, your users may be prompted once to reapprove your app during login. Otherwise, the changes should be transparent to you and your users.
Lastly, a bonus for reading to the bottom: we’re hard at work on some significant new features for AuthRocket. (Too hard apparently, as shown by the radio silence of late.) These will make it easier than ever to add authentication to your apps. We’ll have more to share before too long, so stay tuned for an exciting 2019!
Pardon the acronym soup! Today we’re officially announcing the general availability (GA) of two-factor authentication (2FA).
This marks the end of the beta period. If you were holding out on 2FA due to the beta status, we invite you to take another look now that the beta is over.
Since we wrote all about two-factor authentication back when the beta started, we won’t repeat ourselves. Be sure to read that post if you missed it previously.
We’ll also remind you that AuthRocket itself added 2FA a few months back. We definitely encourage you to enable 2FA for your login if you haven’t already. You’ll need a compatible app on your mobile device (Google Authenticator, MS Authenticator, and many others all work just great). Then log in and go to Profile -> Two-factor authentication to get started.
Please give us a shout if you have any questions. We’d love to hear from you.
We just released an updated Ruby gem for AuthRocket that includes a much streamlined integration experience when using Rails.
Before, using Rails required some degree of setting up controllers, actions, and helpers to glue everything together. Now, all that’s done for you.
This new behavior is opt-in, so nothing breaks for existing apps. It can be enabled by simply customizing require when adding the gem to your Gemfile:
gem 'authrocket', require: 'authrocket/rails'
More details are in our Ruby on Rails integration guide.
As always, we’re here for you if you have questions.