Google+ and LinkedIn v2 APIs

There have been a couple of notable announcements in the world of social auth lately.

First is the shutdown of Google+ for consumers.

While this sounds ominous, logins with Google will still function, they just have to be processed with a different set of APIs. We already made the necessary changes, so by using AuthRocket you're up-to-date just like that--clever you!

We also updated logos in AuthRocket and LoginRocket to reflect Google's 'G' branding instead of the older 'g+' branding. Apart from the logo, these changes should be completely transparent.

Second is LinkedIn's new v2 API.

This is a more substantial change as LinkedIn is moving to both new APIs and new permissions. As with Google's changes, we've already updated AuthRocket to work with the new APIs and permissions.

Because of the LinkedIn's new permissions, your users may be prompted once to reapprove your app during login. Otherwise, the changes should be transparent to you and your users.

Lastly, a bonus for reading to the bottom: we're hard at work on some significant new features for AuthRocket. (Too hard apparently, as shown by the radio silence of late.) These will make it easier than ever to add authentication to your apps. We'll have more to share before too long, so stay tuned for an exciting 2019!

2FA goes GA

Pardon the acronym soup! Today we're officially announcing the general availability (GA) of two-factor authentication (2FA).

This marks the end of the beta period. If you were holding out on 2FA due to the beta status, we invite you to take another look now that the beta is over.

Since we wrote all about two-factor authentication back when the beta started, we won't repeat ourselves. Be sure to read that post if you missed it previously.

We'll also remind you that AuthRocket itself added 2FA a few months back. We definitely encourage you to enable 2FA for your login if you haven't already. You'll need a compatible app on your mobile device (Google Authenticator, MS Authenticator, and many others all work just great). Then login and go to Profile -> Two-factor authentication to get started.

Please give us a shout if you have any questions. We'd love to hear from you.

Streamlined Rails integration

We just released an updated Ruby gem for AuthRocket that includes a much streamlined integration experience when using Rails.

Before, using Rails required some degree of setting up controllers, actions, and helpers to glue everything together. Now, all that's done for you.

This new behavior is opt-in, so nothing breaks for existing apps. It can be enabled by simply customizing require when adding the gem to your Gemfile.

gem 'authrocket', require: 'authrocket/rails'

More details are in our Ruby on Rails integration guide.

As always, we're here for you if you have questions.

2FA for Logins to AuthRocket

We recently announced initial availability of two-factor authentication (2FA), also referred to as multi-factor authentication (MFA).

As you might guess, we use AuthRocket itself to handle AuthRocket logins. So, with the new general 2FA support, we're now pleased to add the ability to protect your own AuthRocket login with 2FA.

To get started, make sure you have a compatible app on your mobile device. There are many free ones. Google Authenticator is one popular choice and is available on both iOS and Android.

Then login to AuthRocket, click on your name in the upper right and go to Profile/Password/2FA -> Two-factor authentication.

Please don't hesitate to reach out to us with any questions or concerns.

Two-factor authentication

One of the most common requests we've heard from customers lately is for two-factor or multi-factor authentication (2FA and MFA, respectively).

Today we're happy to announce the beta availability of 2FA.

Background

There are two common types of two-factor auth: TOTP and SMS.

TOTP stands for Time-based One-Time Password, and is a published standard used by many apps and services, including Google Authenticator and MS Authenticator. It requires an authentication app to be installed on a user's device, most commonly their mobile phone.

After entering their username and password, the user loads the app, obtains a 6-digit code valid at just that moment in time, and submits it as part of the login process.

It's simple and quite secure.

SMS, or text messages, is the other option, whereby at the time of login a random code--also often 6-digits--is sent out-of-band to the user. Technically this could be any out-of-band communication, such as email or a phone call, but SMS is most common.

This requires having the user's phone number and that the user is within their service area. Both poor reception and travel/roaming can block the code from being received and prevent a login. Additionally, for international users, it's sometimes difficult to send SMS messages to certain countries.

In contrast, TOTP relies only on having the device present. No service is required.

At this time we are only supporting TOTP. AuthRocket's 2FA support is compatible with Google Authenticator and most other authenticator apps. Many of these apps are available for free and they are available on virtually every platform, making things easy and accessible for your users.

Enabling Two-factor Auth

Enabling 2FA is super quick. Just go to Realm Settings -> Auth Providers -> 2FA: TOTP and click Add.

Once 2FA is enabled, it's just a matter of enrolling each user. That may be done through our expanded Credentials API or performed administratively through the management portal.

Two-factor logins work automatically with LoginRocket. If you're using authrocket.js or the AuthRocket API directly, minor changes are needed.

Full details may be found in our 2FA documentation.

As always, if you have questions or need any help along the way, reach out to us.