<a href="https://www.olark.com/site/4735-692-10-7155/contact" title="Contact us" target="_blank">Questions? Feedback? powered by <a href="http://www.olark.com?welcome" title="Olark live chat software">Olark live chat software

Meteor 0.5.0: authentication, user accounts, new screencast

October 17, 2012 By Matt DeBergalis
Vote on Hacker News

For the past six months we've been hard at work on an authentication and user accounts system for Meteor. Today is the day that it all comes together. Meteor 0.5.0, available today, allows you to write secure realtime client-server applications in pure JavaScript. It's the only system of its kind in the world.

We're also releasing a new screencast that shows off what it's like to develop with these powerful new tools. If you liked the first Meteor screencast you should definitely check this one out. We hope you'll share it with your friends and coworkers too.

We are thankful for the immense amount of support that we received in putting together this release — from those of you on meteor-core and meteor-talk, from those of you who are already using Meteor in commercial environments or making money from Meteor consulting, from everyone who sent pull requests, from those of you that have been giving awesome conference talks and religiously answering questions on Stack Overflow and Quora. Without this support there would be no Meteor. In fact, 0.5.0 contains more community patches than every previous Meteor release combined.

Today's release includes everything necessary to build and deploy secure applications using Meteor:

  • New authentication APIs on the server: a Meteor.allow API that controls which data a Meteor client is allowed to change in the database, and hooks that give the Meteor server control over what data it sends to each client. These core APIs operate at the wire protocol layer, so they establish a strong foundation for security.

  • Meteor Accounts, a state-of-the-art user account system built on top of the core Meteor authentication APIs. Accounts provides a set of high-level APIs to manage user accounts, which are stored in the Meteor.users collection.

  • Support for the Secure Remote Password protocol. Developed at Stanford, SRP lets a user securely log in to a server without ever sending that server their unencrypted password. The kind of high-profile security breaches at LinkedIn and Pandora earlier this year are impossible with SRP. Instead of asking every application developer to safely store passwords, we've baked the very best technology right into Meteor Accounts.

  • Smart packages for major OAuth login services, including Google, Facebook, Twitter, GitHub, and Weibo. Packages for additional providers are also available on Atmosphere, a repository for community packages.

  • Accounts UI, a set of login, signup, and password reset forms that drop right into an application with one line of code. Accounts UI also provides configuration wizards for each of the OAuth login packages.

All the parts of Meteor work together. Subscriptions automatically rerun when the current user changes, so it's very easy to publish more documents or extra document fields to authenticated users. The UI widgets automatically reconfigure themselves as you add new login services. Password-based accounts include a password recovery link, and if you deploy to our servers withmeteor deploy there's absolutely no configuration required to send the reset email. Thescreencast demonstrates each of these, so we hope you'll take a moment to watch.

The Meteor blog

Long-range performance metrics in Galaxy
Angular Meteor 1.2.0 Released
Scaling CodeFights with Galaxy
Meteor 1.2.1 Released
A Recap of AngularConnect 2015 in London
Get started with ES2015 (ES6) and Meteor