JWT Authentication

Authentication models for hosting platforms require more considerations due to 3rd party api access. We wanted to be able to issue user auth tokens for 3rd party apps (think OAuth), as well as be able to verify authentication of local native api calls (through our iframe native app hooks). Our solution was to use Json Web Tokens (JWT) with ES256 encryption (public/private key pair), which allows us to verify signed tokens using a public key which can be shared without compromising the security of our tokens. It also allows us to statelessly sign tokens for 3rd party developer use.

Here's a sample implementation of a basic authentication strategy (extensible to allow scoped tokens).


Store.js – Cross Browser Storage for All Use Cases

Store.js is a localStorage wrapper for all browsers without using cookies or flash. Uses localStorage, globalStorage, and userData behavior under the hood.

Store.js version 2 is a full revamp with pluggable storage, pluggable extra functionality, and fully cross-browser automatic testing.

List of supported browsers

  • Tested on IE6+
  • Tested on iOS 8+
  • Tested on Android 4+
  • Tested on Firefox 4+
  • Tested on Chrome 27+
  • Tested on Safari 5+
  • Tested on Opera 11+
  • Tested on Node