
Social Authentication

April 2, 2015

Good news!  You asked for an easy way to add Social Authentication and that’s what we’ve done.  So far, we’ve added support for Facebook and Google, by far the two most popular social login providers.  Worldwide, these two make up over 79% of all social logins accounted for.  And we’re in the process of adding others.

We’ve done the hard work of integration and have simplified everything into a single, unified API.  If you already have traditional, password-based logins working with AuthRocket, no additional code is required.  Once logins are set up, social auth is enabled with a couple of clicks.

See just _how_ easy it is here.

If you don’t have standard logins integrated with your app yet, don’t worry.  It’s easy and now places a variety of authentication methods at your command.

AuthRocket’s social auth works with all types of logins: LoginRocket (hosted logins), authrocket.js, and self-hosted login pages.

With LoginRocket, your default login page will look something like this:


As always, you are free to style your login page however you like, so that it matches the rest of your app.

Why social logins?

You’re probably aware already: Up to 80% of web users choose a social authentication option when available (source: Harvard Business Review).  As well, Facebook claims that social auth increases signup rates by 30-200%.  While your results will depend on the type of app you are developing, for a large portion of apps, having a social authentication option means increased signups.  It also provides a more convenient registration process and reduces problems with lost user accounts/passwords.

Social auth is currently in beta but is fully functional for Facebook and Google.  Additional providers will be added before general release.

We’d love to help you get social auth working for your app.  Email anytime.

Making Signups Even Better

February 24, 2015

Today we have great news about signups for your apps!

In the past we’ve supported two workflows for signups: authrocket.js and direct API.

Now we’ve added a third workflow and it’s the fastest and easiest way yet to add signups to your app: hosted signups.

Hosted Signups

Much like hosted logins, hosted signups offload the entire signup form to us, freeing you from having to deal with it.

It’s all cleanly integrated into LoginRocket, providing a unified login and signup experience for your users. Any customization you’ve done for logins will automatically apply for signups too.

It can all be enabled with nothing more than a checkbox:


That checkbox gives you this:


Streamlining Signups

We didn’t stop there though. We also rethought the handoff from AuthRocket to your app.

Up until this point, authrocket.js has always generated a special signup token (a User Token) that enabled you to create the actual User record. This process is very flexible and makes it easy to add things like payments into the signup workflow.

But what if your app doesn’t need that flexibility? Could things be even simpler?

Turns out, the answer is yes!

We’ve added a new option that causes signups to directly create the User record. And, instead of sending you a signup token, the user is automatically logged in and your app is sent a login token–identical to the normal login process.


This means that it’s now possible to add hosted signups to your app with no extra code at all–the existing code for logins is sufficient.

If you need to create any kind of local records for the new user, we added a signup=true query parameter to the incoming URL. Or, you can simply check for the existence of those records at login and create them when missing.

Hosted signups are live today.

The new streamlined signup process, creating Users directly, is now an available option for hosted signups and authrocket.js. The older process of creating signup user tokens remains fully supported and can now be used for hosted signups as well as authrocket.js.

Let us know if you have any questions. We’re always just an email away!

Logins and Sessions

February 20, 2015

We have a lot planned for 2015. Today we’re excited to make our first announcement of the new year.

Managed Sessions

You may have occasionally been on a site that could show you all outstanding sessions, even from different devices. Often they have the ability to terminate those sessions too.

This provides both added security and peace of mind. Security by ending forgotten sessions. Peace of mind in knowing what sessions are (or aren’t) still active.

With our new Managed Sessions, your site can have this too. As usual, we’ve distilled it down to a super simple API.


As you can see, managed sessions also track IPs and client information (browser’s user agent, mobile app identifier, etc.), making it easy to see which session is which.

To give everyone a taste, we’ve enabled it for all plans. Our Develop and Grow plans support sessions up to 24 hours–useful for both normal, everyday logins and development/testing. Our Accelerate and higher plans support sessions up to a year–perfect for modern applications with multiple authentication channels.

For configuration, see Realm Settings in our UI or the Realms API. Also see Sessions Concepts or the Sessions API.

Login tokens

Next up, let’s talk about login tokens. We’ve used login tokens from the beginning. But now we’ve made them intelligent.

Login tokens are now JWT-encoded. If you’re not familiar with JWT (JSON web tokens), a quick background is in order.

JWT is a standardized way of securely encoding data and sending it between a user and one or more backend services. JWTs look like ordinary strings, so they’re easy to pass around. They’re cryptographically signed, so they can’t be changed without detection. And they can contain actual data, making them perfect for login tokens.

All of AuthRocket’s login tokens are now JWT compatible. For legacy code, this changes nothing. Our system will still accept the whole token and perform login event validation as it always has.

For new (or updated) code, this opens up a new world of opportunities though. Our login tokens can now be verified and checked for expiration without making an API call, which has the potential to speed things up a bit.

The tokens also contain basic user information, such as user ID and name. This enables your app to quickly show things like your user’s name on a nav bar without making an API call just for that.

The new login tokens are also really well suited for use with today’s JavaScript frameworks, such as Angular, Backbone, or Ember. Parse them client-side (without verification) for UI display and management and send them to your app server (which parses them with verification) too.
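The split described above, unverified parsing for display on the client and verified parsing on the server, as an added example that is not AuthRocket's code. It assumes HS256 signing with a shared secret and the claim names `sub`, `name` and `exp`; none of these are stated on this page, and the sample tokens are constructed.

```javascript
// Added example, not AuthRocket code. Assumed: HS256 with a shared secret,
// and the claim names `sub`, `name`, `exp` (hypothetical; check the token docs).
const crypto = require('crypto');

const b64url = (str) => Buffer.from(str).toString('base64url');
const fromB64url = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Helper for building constructed sample tokens; a real token comes from the login flow.
function signSample(payload, secret, header = { alg: 'HS256', typ: 'JWT' }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.createHmac('sha256', secret).update(input).digest('base64url');
  return `${input}.${sig}`;
}

// Client side: display only. Decoding proves nothing about who issued the token.
function decodeUnverified(token) {
  return fromB64url(token.split('.')[1]);
}

// Server side: pin the algorithm, check the signature, then check expiry.
function verifyLoginToken(token, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  // The header is attacker-controlled input: accept only the expected algorithm.
  if (fromB64url(h).alg !== 'HS256') throw new Error('unexpected alg');
  const expected = crypto.createHmac('sha256', secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(s, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = fromB64url(p);
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) throw new Error('expired');
  return claims;
}

// Constructed sample: a payload swapped in after signing still decodes on the
// client, but the server-side check rejects it.
const demo = signSample({ sub: 'usr_example', name: 'Ada Example', exp: 4102444800 }, 'constructed-secret');
const [dh, , ds] = demo.split('.');
const forged = `${dh}.${b64url(JSON.stringify({ sub: 'usr_other', exp: 4102444800 }))}.${ds}`;
console.log(decodeUnverified(forged).sub);
try { verifyLoginToken(forged, 'constructed-secret'); } catch (e) { console.log(e.message); }
```

Anything that gates access or creates records should use only the claims returned by the verifying function; the unverified decode is for UI convenience.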

For more, read our login tokens docs.

Questions? Thoughts? As always, we’d love to hear from you.