Easy Realm JWT Authentication with CosyncJWT
Rate this article
Didn't get a chance to attend the Easy Realm JWT Authentication with CosyncJWT Meetup? Don't worry, we recorded the session and you can now watch it at your leisure to get you caught up.
In this meetup, Richard Krueger, CEO Cosync, will focus on the benefits of JWT authentication and how to easily implement CosyncJWT within a Realm application. CosyncJWT is a JWT Authentication service specifically designed for MongoDB Realm application. It supports RSA public/private key third party email authentication and a number of features for onboard users to a Realm application. These features include signup and invite email confirmation, two-factor verification through the Google authenticator and SMS through Twilio, and configurable meta-data through the JWT standard. CosyncJWT offers both a cloud implementation where Cosync hosts the application/user authentication data, and will soon be releasing a self-hosted version of the service, where developers can save their user data to their own MongoDB Atlas cluster.
In this 60-minute recording, Richard spends about 40 minutes presenting an overview of Cosync, and then dives straight into a live coding demo. After this, we have about 20 minutes of live Q&A with our Community. For those of you who prefer to read, below we have a full transcript of the meetup too. As this is verbatim, please excuse any typos or punctuation errors!
Throughout 2021, our Realm Global User Group will be planning many more online events to help developers experience how Realm makes data stunningly easy to work with. So you don't miss out in the future, join our Realm Global Community and you can keep updated with everything we have going on with events, hackathons, office hours, and (virtual) meetups. Stay tuned to find out more in the coming weeks and months.
Shane: So, you're very, very welcome. We have a great guest here speaker today, Richard Krueger's joined us, which is brilliant to have. But just before Richard get started into the main event, I just wanted to do introductions and a bit of housekeeping and a bit of information about our upcoming events too. My name is Shane McAllister. I look after developer advocacy for Realm, for MongoDB. And we have been doing these meetups, I suppose, steadily since the beginning of this year, this is our fifth meetup and we're delighted that you can all attend. We're delighted to get an audience on board our platform. And as we know in COVID, our events and conferences are few and far between and everything has moved online. And while that is still the case, this is going to be a main channel for our developer community that we're trying to build up here in Realm at MongoDB.
We are going to do these regularly. We are featuring talkers and speakers from both the Realm team, our SDK leads, our advocacy team, number of them who are joining us here today as well too, our users and also our partners. And that's where Richard comes in as well too. So I do want to share with you a couple of future meetups that we have coming as well to show you what we have in store. We have a lot coming on the horizon very, very soon. So just next week we have Klaus talking about Realm Kotlin Multiplatform, followed a week or so later by Jason who's done these meetups before. Jason is our lead for our Coco team, our Swift team, and he's on June 2nd. He's talking about SwiftUI testing and Realm with projections. And then June 10th, a week later again, we have Kræn, who's talking about Realm JS for react native applications.
But that's not the end. June 17th, we have Igor from Amazon Web Services talking about building a serverless event driven application with MongoDB in Realm. And that will also be done with Andrew Morgan who's one of our developer advocates. We've built, and you can see that on our developer hub, we've built a very, very neat application integrating with Slack. And then Jason, a glutton for punishment is back at the end of June and joining us again for a key path filtering and auto open. We really are pushing forward with Swift and SwiftUI with Realm. And we see great uptake within our community. On top of all of that in July is mongodb.live. This is our key MongoDB event. It's on July 13th and 14th, fully online. And we do hope that if you're not registered already, you will sign up, just search for mongodb.live, sign up and register. It's free. And over the two days, we will have a number of talks, a number of sessions, a number of live coding sessions, a number tutorials and an interactive elements as well too. So, it's where we're announcing our new products, our roadmap for the year, and engage in across everything MongoDB, including Realm. We have a number of Realm's specific sessions there as well too. So, just a little bit of housekeeping. We're using this bevy platform, for those of you familiar with Zoom, and who've been here before to meet ups, you're very familiar. We have the chat. Thank you so much on the right-hand side, we have the chats. Thank you for joining there, letting us know where you're all from. We've got people tuning in from India, Sweden, Spain, Germany. So that's brilliant. It's great to see a global audience and I hope this time zone suits all of you.
We're going to take probably about, I think roughly, maybe 40 minutes for both the presentation and Richard's brave enough to do some live coding as well too. So we very much look forward to that. We will be having a Q&A at the end. So, by all means, please ask any questions in the chat during Richard's presentation. We have some people, Kurt and others here, and who'll be able to answer some questions on Cosync. We also have some of our advocates, Diego and Mohit who joined in and answer any questions that you have on Realm as well too. So, we can have the chat in the sidebar. But what happens in this, what happened before at other meetups is that if you have some questions at the end and you're very comfortable, we can open up your mic and your video and allow you to join in in this meetup.
It is a meetup after all, and the more the merrier. So, if you're comfortable, let me know, make a note or a DM in the chats, and you can ask your question directly to Richard or myself at the end as well too. The other thing then really with regard to the housekeeping is, do get connected. This is our meetup, this is our forums. This is our channels. And that we're on as well too. So, developer.mongodb.com is our forums and our developer hub. We're creating articles there weekly and very in-depth tutorials, demos, links to repos, et cetera. That's where our advocates hang out and create content there. And around global community, you're obviously familiar with that because you've ended up here, right? But do spread the word. We're trying to get more and more people joining that community.
The reason being is that you will be first to know about the future events that we're hosting in our Realm global community if you're signed up and a member there. As soon as we add them, you'll automatically get an email, simple button inside the email to RSVP and to join future events as well too. And as always, we're really active on Twitter. We really like to engage with our mobile community there on Twitter. So, please follow us, DM us and get in touch there as well too. And if you do, and especially for this event now, I'm hoping that you will ... We have some prizes, you can win some swag.
It's not for everybody, but please post comments and your thoughts during the presentation or later on today, and we'll pick somebody at random and we send them a bunch of nice swag, as you can see, happily models there by our Realm SDK engineers, and indeed by Richard and myself as well too. So, I won't keep you much longer, essentially, we should get started now. So I would like to introduce Richard Krueger who's the CEO of Cosync. I'm going to stop sharing my screen. Richard, you can swap over to your screen. I'll still be here. I'll be moderating the chat. I'm going to jump back in at the end as well too. So, Richard, really looking forward to today. Thank you so much. We're really happy to have you here.
Richard: Sounds good. Okay. I'm Richard Krueger, I'm the CEO of Cosync, and I'm going to be presenting a JWT authentication system, which we've built and as we're adding more features to it as we speak. So let me go ahead and share my screen here. And I'm going to share the screen right. Okay. Do you guys see my screen? Shane: We see double of your screen at the moment there.
Richard: Oh, okay. Let me take this away. Okay, there you go.
Shane: We can see that, if you make that full screen, we should be good and happier. I'd say, are you going to move between windows because you're doing-
Richard: Yeah, I will. There we go. Let me just ... I could make this full screen right now. I might toggle between full screen and non-full screen. So, what is a little bit about myself, I've been a Realm programmer for now almost six years. I was a very early adopter of the very first object database which I used for ... I've been doing kind of cloud synchronization programs. So my previous employer, Needley we used that extensively, that was before there was even a cloud version of Realm. So, in order to build collaborative apps, one, back in the day would have to use something like Parse and Realm or Firebase and Realm. And it was kind of hybrid systems. And then about 2017, Realm came out with its own cloud version, the Realm Cloud and I was a very early adopter and enthusiast for that system.
I was so enthusiastic. I started a company that would build some add on tools for it. The way I see Realm is as kind of a seminole technology for doing full collaborative computing, I don't think there's any technology out there. The closest would be Firebase but that is still very server centric. What I love about Realm is that it kind of grew out of the client first and then kind of synchronizes client-side database with a mirrored copy on a server automatically. So, what Realm gives you is kind of an offline first capability and that's just absolutely huge. So you could be using your local app and you could be in a non-synced environment or non-connected environment. Then later when you connect everything automatically synchronizes to a server, copy all the updates.
And I think it scales well. And I think this is really seminal to develop collaborative computing apps. So one of the things we decided to do was, and this was about a year ago was build an authentication system. We first did it on the old Realm cloud system. And then in June of last year, Mongo, actually two years ago, Mongo acquired Realm and then merged the Atlas infrastructure with the Realm front end. And that new product was released last June and called MongoDB Realm. And which I actually think is a major improvement even on Realm sync, which I was very happy with, but I think the Apple infrastructures is significantly more featured than the Realm cloud infrastructure was. And they did a number of additional support capabilities on the authentication side.
So, what we did is we retargeted, co-synced JWT as an authentication system for the new MongoDB Realm. So, what is JWT? That stands for Java Script Web Tokens. So it's essentially a mechanism by which a third party can authenticate users for an app and verify their identity. And it's secure because the technology that's used, that underlies JWT's public private key encryption, it's the same technology that's behind Bitcoin. So you have a private key that encrypts the token or signs it, and then a public key that can verify the signature that can verify that a trusted party actually authenticated the user. And so why would you want to separate these two? Well, because very often you may want to do additional processing on your users. And a lot of the authentication systems that are right now with MongoDB Realm, you have anonymous authentication, or you have email password, but you may want to get more sophisticated than that.
You may want to attach metadata. You may want to have a single user that authenticates the same way across multiple apps. And so it was to kind of deal with these more complex issues in a MongoDB Realm environment that we developed this product. Currently, this product is a SaaS system. So, we actually host the authentication server, but the summer we're going to release a self hosted version. So you, the developer can host your own users on your own MongoDB Atlas cluster, and you run a NodeJS module called CosyncJWT server, and you will basically provide your own rest API to your own application. The only thing Cosync portal will do will be to manage that for you to administrate it.
So let me move on to the next slide here. Realm allows you to build better apps faster. So the big thing about Realm is that it works in an offline mode first. And that to me is absolutely huge because if anybody has ever developed synchronized software, often you require people to be connected or just doesn't work at all. Systems like Slack come to mind or most chat programs. But with Realm you can work completely offline. And then when you come back online, your local Realm automatically syncs up to your background Realm. So what we're going to do here is kind of show you how easy it is to implement a JWT server for a MongoDB Realm app. And so what I'm going to go ahead and do is we're going to kind of create an app from scratch and we're going to first create the MongoDB Realm app.
And so what I'm going to go here, I've already created this Atlas cluster. I'm going to go ahead and create an app called, let's call it CosyncJWT test. And this is I'm inside the MongoDB Realm portal right now. And I'm just going to go ahead and create this app. And then I'm going to set up its sync parameters, all of the MongoDB Realm developers are familiar with this. And so we're going to go to is we'll give it a partition key called partition, and we will go ahead and give it a database called CosyncJWT TestDB. And then we will turn our development mode on. Wait, what happened here?
What is the problem there? Okay. Review and deploy. Okay. Let me go ahead and deploy this. Okay. So, now this is a complete Realm app. It's got nothing on it whatsoever. And if I look at its authentication providers, all I have is anonymous login. I don't have JWT set at all. And so what we're going to do is show you how easy it is to configure a JWT token. But the very first thing we need to do is create what I call an API key, and an API key enables a third party program to manipulate programmatically your MongoDB Realm app. And so for that, what we'll do is go into the access manager and for this project, we'll go ahead and create an API key. So let me go ahead and create an API key. And I'm going to call this CosyncJWT test API key, and let's give it some permissions.
I'll be the project owner and let's go ahead and create it. Okay. So that will create both a public key and a private cake. So the very first thing you need to do when you do this is you need to save all of your keys to a file, which your private key, you have to be very careful because the minute somebody has this, go in and programmatically monkey with your stuff. So, save this away securely, not the way I'm doing it now, but write it down or save it to a zip drive. So let me copy the private key here. For the purpose of this demo and let me copy the public key.
Okay. Let me turn that. Not bold. Okay. Now the other thing we need is the project ID, and that's very easy to get, you just hit this little menu here and you go to project settings and you'll have your project ID here. So I'm going to, also, I'll need that as well. And lastly, what we need is the Realm app ID. So, let's go back to Realm here and go into the Realm tab there, and you can always get your app ID here. That's so unique, that uniquely identifies your app to Realm and you'll need that both the cursing portal level and at your app level. Okay, so now we've retrieved all of our data there. So what we're going to go ahead and do now is we're going to go into our Cosync portal and we're going to go ahead and create a Cosync app that mirrors this.
So I'm going to say create new app and I'll say Cosync. And by the way, to get to the Cosync portal, just quick note, to get to the Cosync portal, all you have to do is go to our Cosync website, which is here and then click on sign in, and then you're in your Cosync. I've already signed in. So, you can register yourself with Cosync. So we're going to go ahead and create a new app called Cosync JWT test and I'm going to go ahead and create it here. And close this. And it's initializing there, just takes a minute to create it on our server. Okay. Right. Something's just going wrong here. You go back in here.
Shane: Such is the world of live demos!
Richard: That's just the world of live demos. It always goes wrong the very second. Okay, here we go. It's created.
Shane: There you go.
Richard: Yeah. Okay. So, now let me explain here. We have a bunch of tabs and this is basically a development app. We either provide free development apps up to 50 users. And after that they become commercial apps and we charge a dollar for 1,000 users per month. So, if you have an app with 10,000 users, that would cost you $10 per month. And let me go, and then there's Realm tab to initialize your Realm. And we'll go into that in a minute. And then there's a JWT tab that kind of has all of the parameters that regulate JWT. So, one of the things I want to do is talk about metadata and for this demo, we can attach some metadata to the JWT token.
So the metadata we're going to attach as a first name and a last name, just to show you how that works. So, I'm going to make this a required field. And I'll say we're going to have a first name, this actually gets attached to the user object. So this will be its path, user data dot name dot first. And then this is the field name that gets attached to the user object. And there'll be first name and let's set another field, which is user data dot name dot last. And that will be last name. Okay. And so we have our metadata defined, let's go ahead and save it. There's also some invite metadata. So, if you want to do an invitation, you could attach a coupon to an invitation. So these are various onboarding techniques.
We support two types of onboarding, which is either invitation or sign up. You could have a system of the invitation only where a user would ... the free masons or something where somebody would have to know you, and then you could only get in if you were invited. Okay. So, now what we're going to go ahead and do is initialize our instance. So that's pretty easy. Let's go take our Realm app ID here, and we paste that in and let's go ahead and initialize our Kosik JWT, our token expiration will be 24 hours. So let's go ahead and initialize this. I'll put in my project ID.
All right. My project ID here, and then I will put in my public key, and I will put in my private key here. Okay. Let's go ahead and do this. Okay. And it's successfully initialized it, and we can kind of see that it did. If we go back over here to authentication, we're going to actually see that now we have cosynced JWT authentication. If we go in, it'll actually have set the signing algorithm to RS256, intellectually, have set the public key. So the Cosync, I mean, the MongoDB Realm app will hold onto the public key so that it knows that only this provider which holds onto the private key has the ability to sign. And then it also is defined metadata fields, which are first name, last name and email. Okay. So, anytime you sign up, those metadata fields will be kind of cemented into your user object.
And we also provide APIs to be able to change the metadata at runtime. So if you need to change it, you can. But it's important to realize that this metadata doesn't reside in Realm, it resides with the provider itself. And that's kind of the big difference there. So you could have another database that only had your user data. That was not part of your MongoDB Realm database, and you could mine that database for just your user stuff. So, that's the idea there. So the next step, what we're going to do is we're going to go ahead and run this kind of sample app. So the sample, we provide a number of sample apps. If you go to our docs here and you go down to sample application, we provide a good hub project called Cosync samples, which has samples for both our Cosync storage product, which we're not talking about here today, and our CosyncJWT project.
Cosync storage basically maps Amazon as three assets onto a MongoDB Realm app. So CosyncJWT has different directories. So, we have a Swift directory, a Kotlin directory and a ReactNative. Today I'm primarily just showing the Swift, but we also have ReactNative binding as well that works fine with this example. Okay. So what happens is you go ahead and clone this. You would go ahead and clone this, Github project here and install it. And then once you've installed it, let me bring it up here, here we go, this is what you would get. We have a sample app called CosyncJWT iOS. Now, that has three packages that depends on. One is a package called CosyncJWT Swift, which wrappers around our arrest API that uses NSURL.
And then we depend on the Realm packages. And so this little sample app will do nothing, but allow you to sign up a user to CosyncJWT, and logging in. And it'll also do things like two factor verification. We support both phones two factor verification if you have a Twilio account and we support the Google two-factor authentication, which is free, and even more secure than a phone. So, that gives you an added level of security, and I'll just show you how easy it is too. So, in order to kind of customize this, you need to set two constants. You need to set your Realm app ID and your wrap token. So, that's very easy to do. I can go ahead, and let me just copy this Realm app ID, which I copied from the Realm portal.
And I'll stick that here. Let me go ahead and get the app token, which itself is a JWT token because the Cosync, this token enables your client side app to use the CosyncJWT rust API and identify you as the client is belonging to the sound. And so if we actually looked at that token, we could go to utilities that have used JWT. You always use jwt.io, and you can paste any JWT token in the world into this little thing. And you'll see that this is this app token is in fact itself, a JWT token, and it's signed with CosyncJWT, and that will enable your client side to use the rest API.
So, let's go ahead and paste that in here, and now we're ready to go. So, at this point, if I just run this app, it should connect to the MongoDB Realm instance that we just previously created, and it should be able to connect to the CosyncJWT service for authentication. There are no users by the way in the system yet. So, let me go ahead and build and run this app here, and comes up, [inaudible 00:29:18] an iPhone 8+ simulator. And what we'll do is we'll sign up a user. So if we actually go to the JWT users, you'll see we have no users in our system at all. So, what we're going to go ahead and do is sign up a user. It'll just come up in a second.
Shane: Simulators are always slow, Richard, especially-
Richard: I know. Shane: ... when you try to enable them. There you go.
Richard: Right. There we go. Okay. So I would log in here. This is just simple SwiftUI. The design is Apple, generic Apple stuff. So, this was our signup. Now, if I actually look at the code here, I have a logged out view, and this is the actual calls here. I would have a sign up where I would scrape the email, the password, and then some metadata. So what I'm going to go ahead and do is I'm going to go ahead and put a break point right there and let's go ahead and sign myself up as , give it a password and let's go ahead and let's say Richard Krueger. So, at this point, we're right here. So, if we look at ... Let me just make this a little bit bigger.
Shane: Yeah. If you could a little bit, because some of this obviously bevy adjusts itself by your connection and sometimes-
Richard: Right away.
Shane: ... excavated in code. Thank you.
Richard: Yeah. Okay. So if we look at the ... We have an email here, which is, I think we might be able to see it. I'm not sure. Okay, wait. Self.email. So, for some reason it's coming out empty there, but I'm pretty sure it's not empty. It's just the debugger is not showing the right stuff, but that's the call. I would just make a call to CosyncJWT sign up. I pass in an email, I pass in a password, pass in the metadata and it'll basically come back with it signed in. So, if I just run it here, it came back and then should not be ... there's no error. And it's now going to ask me to verify my code. So, the next step after that will be ... So, at this point I should get an email here. Let's run. So, it's not going to be prompting me for a code. So I just got this email, which says let me give it a code. And I'll make another call, Russ call to verify the code. And this should let me in.
Yeah. Which it did log me in. So, the call to verify the code. We also have things where you can just click on a link. So, by the way, let me close this. How your signup flow, you can either have code, link or none. So, you might have an app that doesn't need purification. So then you would just turn it on to none. If you don't want to enter a code, you would have them click on a link and all of these things themselves can be configured. So, the emails that go out like this particular email looks very generic. But I can customize the HTML of that email with these email templates. So, the email verification, the password reset email, all of these emails can be customized to 50 branding of the client itself.
So, you wouldn't have the words cosync in there. Anyways, so that kind of shows you. So now let me go ahead and log out and I can go ahead and log back in if I wanted to. Let me go ahead and the show you where the log in is. So, this is going to call user manager, which will have a log in here. And that we'll call Realm manage ... Wait a minute, log out, log in this right here. So, let's go put a break point on log in and I'm going to go ahead and say Richard@. I'm going to go ahead and log in here. And I just make a call to CosyncJWT rest. And again, I should be able to just come right back.
And there I am. Often, by the way, you'll see this dispatch main async a lot of times when you make Rest calls, you come back on a different thread. The thing to remember, I wrote an article on Medium about this, but the thing to remember about Realm and threads is this, what happens on a thread? It's the Vegas rule. What happens on a thread must stay on a thread. So with Realm does support multithreading very, very well except for the one rule. If you open a Realm on a thread, you have to write it on the same thread and read it from the same thread. If you try and open a Realm on one thread and then try and read it from another thread, you'll cause an exception. So, often what I do a lot is force it back on the main thread.
And that's what this dispatch queue main async is. So, this went ahead and there's no error and it should just go ahead and log me in. So, what this is doing here, by the way, let me step into this. You'll see that that's going to go ahead and now issue a Realm log in. So that's an actual Realm call app.login.credentials, and then I pass it the JWT token that was returned to me by CosyncJWT. So by the way, if you don't want to force your user to go through the whole authentication procedure, every time he takes this app out of process, you can go ahead and save that JWT token to your key chain, and then just redo this this way.
So you could bypass that whole step, but this is a demo app, so I'd put it in there. So this will go ahead and log me in and it should transition, let me see. Yeah, and it did. Okay. So, that kind of shows you that. We also have capabilities for example, if you wanted to change your password, I could. So, I could change my password. Let me give my existing password and then I'll change it to a new password and let me change my password. And it did that. So, that itself is a function called change password.
It's right here, Cosync change password, is passing your new password, your old password, and that's another Rest call. We also have forgotten password, the same kind of thing. And we have two factor phone verification, which I'm not going to go into just because of time right now, or on two factor Google authentication. So, this was kind of what we're working on. It's a system that you can use today as a SaaS system. I think it's going to get very interesting this summer, once we release the self hosted version, because then, we're very big believers in open source, all of the code that you have here result released under the Apache open source license. And so anything that you guys get as developers you can modify and it's the same way that Realm has recently developed, Andrew Morgan recently developed a great chat app for Realm, and it's all equally under the Apache license.
So, if you need to implement chat functionality, I highly recommend to go download that app. And they show you very easily how to build a chat app using the new Swift combine nomenclature which was absolutely phenomenal in terms of opaque ... I mean, in terms of terseness. I actually wrote a chat program recently called Tinychat and I'd say MongoDB Realm app, and it's a cloud hosted chat app that is no more than 70 lines of code. Just to give you an idea how powerful the MongoDB Realm stuff and I'm going to try and get a JWT version of that posted in the next few days. And without it, yes, we probably should take some questions because we're coming up at quarter to the hour here. Shane.
Shane: Excellent. No, thank you, Richard. Definitely, there's been some questions in the sidebar. Kurt has been answering some of them there, probably no harm to revisit a couple of them. So, Gigan, I hope I'm pronouncing that correctly as well too, was asking about changing the metadata at the beginning, when you were showing first name, last name, can you change that in future? Can you modify it?
Richard: Yeah. So, if I want to add to the metadata, so what I could do is if I want to go ahead and add another field, so let's go ahead and add another field a year called user data coupon, and I'll just call this guy coupon. I can go ahead and add that. Now if I add something that's required, that could be a problem if I already have users without a required piece of metadata. So, we may actually have to come up with some migration techniques there. You don't want to delete metadata, but yeah, you could go ahead and add things.
Shane: And is there any limits to how much metadata? I mean, obviously you don't want-
Richard: Not really.
Shane: ... fields for users to fill in, but is there any strict limit at all?
Richard: I mean, I don't think you want to store image data even if it's 64 encoded. If you were to store an avatar as metadata I'd store the link to the image somewhere, you might store that avatar on Amazon, that's free, and then you would store the link to it in the metadata. So, it's got normally JWT tokens pretty sparse. It's something supposed to be a 10 HighQ object, but the metadata I find is one of the powers of this thing because ... and all of this metadata gets rolled into the user objects. So, if you get the Realm user object, you can get access to all the metadata once you log in.
Shane: I mean, the metadata can reside with the provider. That's obviously really important for, look, we see data breaches and I break, so you can essentially have that metadata elsewhere as well too.
Shane: It's very important for the likes of say publications and things like that.
Richard: Right. Yeah, exactly. And by the way, this was a big feature MongoDB Realm added, because metadata was not part of the JWT support in the old Realm cloud. So, it was actually a woman on the forum. So MongoDB employee that tuned me into this about a year ago. And I think it was Shakuri I think is her name. And that's why it was after some discussion on the forums. By the way, these forums are fantastic. If you have any, you meet people there, you have great discussions. If you have a problem, you can just post it. If I know an issue, I try to answer it. I would say there it's much better than flashed off. And then it's the best place to get Realm questions answered okay much better than Stack Overflow. So, [inaudible 00:44:20]. Right?
Shane: I know in our community, especially for Realm are slightly scattered all rights as well too. Our advocates look at questions on Stack Overflow, also get help comments and in our forum as well too. And I know you're an active member there, which is great. Just on another question then that came up was the CosyncJWT. You mentioned it was with Swift and ReactNative by way of examples. Have you plans for other languages?
Richard: We have, I don't think we've published it yet, but we have a Kotlin example. I've just got to dig that up. I mean, if we like to hear more, I think Swift and Kotlin and React Native are the big ones. And I've noticed what's going on is it seems that people feel compelled to have a Native iOS, just because that's the cache operating system. And then what they do is they'll do an iOS version and then they'll do a ReactNative version to cover desktop and Android. And I haven't bumped into that many people that are pure Android, purest or the iOS people tend to be more purest than the Android people. I know...
Shane: ... partly down to Apple's review process with apps as well too can be incredibly stringent. And so you want to by the letter of the law, essentially try and put two things as natively as possible. Or as we know, obviously with Google, it's much more open, it's much freer to use whatever frameworks you want. Right?
Richard: Right. I would recommend though, if you're an iOS developer, definitely go with SwiftUI for a number ... Apple is putting a huge amount of effort into that. And I have the impression that if you don't go there, you'll be locked out of a lot of features. And then more importantly, it's like Jason Flax who's a MongoDB employee has done a phenomenal job on getting these MongoDB Realm combined primitives working that make it just super easy to develop a SwiftUI app. I mean, it's gotten to the point where one of our developer advocate, Kurt Libby, is telling me that his 12 year old could Jason flax's stuff. That was like normally two years ago to use something like Realm required a master's degree, but it's gone from a master's degree to a twelve-year-old. It just in simplification right now.
Shane: Yeah. We're really impressed with what we've seen in SwiftUI. It's one of the areas we see a lot of innovation, a huge amount of traction, I suppose. Realm, historically, was seen as a leader in the Swift space as well too. Not only did we have Realm compatible with Swift, but we talked about swift a lot outside of, we led one of the largest Swift meetup groups in San Francisco at the time. And we see the same happening again with SwiftUI. Some people, look, dyed in the wool, developers are saying, "Oh, it's not ready for real time commercial apps," but it's 95% there. I think you can build an app wholly with SwiftUI. There's a couple of things that you might want to do, and kind of using UI kit and other things as well too, it's all right, but that's going to change quickly. Let's see what's in store at DC as well for us coming up.
Richard: Yeah, exactly.
Shane: Right. Excellent. I know, does anybody, I said at the beginning, we can open up the mic and the cameras to anybody who'd like to come on and ask a question directly of Richard or myself. If you want to do that, please make a comment in the chat. And I can certainly do that, if not just ask the questions in the chat there as well too. While we're waiting for that, you spoke about Google two factor and also Twilio. Your example there was with the code with the Google email, how much more work is involved in the two factor side of things either
Richard: So, the two factor stuff, what you have to do, when you go here, you can turn on two factor verification. So, if you select Google you would have to put in your ... Let me just see what my ... You would have to put in the name of your Google app. And then if you did phone ... Yes, change it, you'd have to put your Twilio account SI, your off the token from Twilio and your Twilio phone number. Now, Twilio, it looks cheap. It's just like a penny a message. It adds up pretty fast.
Richard: My previous company I worked with, Needley, we had crypto wallet for EOS and we released it and we had 15,000 users within two weeks. And then our Twilio bill was $4,000 within the week. It just added up very quickly. So it's the kind of thing that ... it doesn't cost much, but if you start sending out machine gunning out these SMS messages, it can start adding up. But if you're a banking app, you don't really care. You're more interested in providing the security for your ... Anyways, I guess that would answer that question. Are there any other questions here?
Shane: There's been a bit of, I think it was a comment that was funny while you were doing the demo there, Richard, with regards to working on the main thread. And you were saying that there was issues. Now, look, Realm, we have frozen objects as well too, if you need to pass objects rights, but they are frozen. So maybe you might want to just maybe clarify your thoughts on that a little bit there. There was one or two comments in the sidebar.
Richard: Well, with threading in Realm, this is what I tend to do. If you have a background, one of the problems you bump into is the way threading in SwiftUI works is you have your main thread that's a little bit like you're Sergeant major. And then you have all your secondary threads that are more like your privates. And the Sergeant major says, "Go do this, go clean the latrine, or go peel some potatoes." And he doesn't really care which private goes off and doesn't, just the system in the background will go assign some private to go clean the little train. But when Realm, you have to be careful because if you do an async open on a particular thread, particular worker thread, then all the other subsequent things, all the writes and the reads should be done on that same thread.
Richard: So, what I found is I go ahead and create a worker thread at the beginning that will kind of handle requests. And then I make sure I can get back there and to that particular thread. There was an article I wrote on Medium about how to do this, because you obviously you don't want to burden your main thread with all your Realm rights. You don't want to do that because it will start eating ... I mean, your main threads should be for SwiftUI and nothing more. And you want to then have a secondary thread that can process that, and having just one secondary thread that's working in the background is sufficient. And then that guy handles the Realm request in a sense. That was the strategy seemed to work best I found.
Richard: But you could open a Realm on your primary thread. You can also open the same Realm on a background thread. You just have to be careful when you're doing the read better beyond the Realm that was opened on the thread that it was opened on that the read is taking place from. Otherwise, you just got an exception. That's what I've found. But I can't say that I'm a complete expert at it, but in general, with most of my programming, I've always had to eventually revert to kind of multi-threading just to get the performance up because otherwise you'll just be sitting there just waiting and waiting and waiting sometimes.
Shane: Yeah, no, that's good. And I think everybody has a certain few points on this. Sebastian asked the question originally, I know both Mohit and Andrew who are developer advocates here at Realm have chimed in on that as well too. And it is right by best practices and finding the effect on what might happen depending on where you are trying to read and write.
Richard: Right. Well, this particular example, I was just forcing it back on the main thread, because I think that's where I had to do the Rest calls from. There was an article I wrote, I think it was about three months ago, Multithreading and MongoDB Realm, because I was messing around with it for some imaging out that there was writing and we needed to get the performance out of it. And so anyways, that was ... But yeah, I hope that answers that question.
Shane: Yeah, yeah. Look, we could probably do a whole session on this as well. That's the reality of it. And maybe we might do that. I'm conscious of everybody's time. It'd be mindful of that. And didn't see anything else pop up in the questions. Andrew's linked your Medium articles there as well too. We've published them on Realm, also writes on Medium. We publish a lot of the content, we create on dev up to Medium, but we do and we are looking for others who are writing about Realm that who may be writing Medium to also contribute. So if you are, please reach out to us on Medium there to add to that or ping us on the forums or at Realm. I look after a lot of our Twitter content on that Realm as we [crosstalk 00:56:12] there. I've noticed during this, that nobody wants T-shirts and face masks, nobody's tweeted yet at Realm. Please do. We'll keep that open towards the end of the day as well. If there's no other questions, I first of all want to say thank you very much, Richard.
Richard: Well, thank you for having me.
Shane: No, we're delighted. I think this is a thing that we want to do ongoing. Yes, we are running our own meetups with our own advocates and engineers, but we also want, at least perhaps once a month, maybe more if we could fit it in to invite guests along to share their experience of using MongoDB Realm as well too. So, this is the first one of those. As we saw at the beginning, we do have Igor in AWS during the presentation in June as well too. But really appreciate the attendance here today. Do keep an eye. We are very busy. You saw it's pretty much once week for the next four or five weeks, these meetups. Please share amongst your team as well too.
Shane: And above all, join us. As you said, Richard, look, I know you're a contributor in our forums and we do appreciate that. We have a lot of active participants in our forums. We like to, I suppose, let the community answer some of those questions themselves before the engineers and the advocates dive in. It's a slow growth obviously, but we're seeing that happen as well too, so we do appreciate it. So communicate with us via forums, via @realm and go to our dev hub, consume those articles. The articles Richard mentioned about the chat app is on our dev hub by Andrew. If you go look there and select actually the product category, you can select just mobile and see all our mobile articles. Since certainly November of last year, I think there's 24, 25 articles there now. So, they are relatively recent and relatively current. So, I don't know, Richard, have you any parting words? I mean, where do people ... you said up to 50 users it's free, right? And all that.
Richard: Right. So, up to 50 users it's free. And then after that you would be charged a dollar for 1,000 users per month.
Shane: That's good.
Richard: Well, what we're going to try and do is push once we get the self hosted version. We're actually going to try and push developers into that option, we don't know the price of it yet, but it will be equally as affordable. And then you basically host your own authentication server on your own servers and you'll save all your users to your own Atlas cluster. Because one of the things we have bumped into is people go, "Well, I don't really know if I want to have all my user data hosted by you," and which is a valid point. It's very sensitive data.
Richard: And so that was why we wanted to build an option so your government agency, you can't share your user data, then you would host, we would just provide the software for you to do that and nothing more. And so that's where the self hosted version of CosyncJWT would do them.
Shane: Excellent. It sounds great. And look, you mentioned then your storage framework that you're building at the moment as well too. So hopefully, Richard, we can have you back in a couple of months when that's ready.
Richard: Great. Okay. Sounds good.
Richard: Thanks, Shane.
Shane: No problem at all. Well, look, thank you everybody for tuning in. This is recorded. So, it will end up on YouTube as well too and we'll send that link to the group once that's ready. We'll also end up on the developer hub where we've got a transcript of the content that Richard's presented here as well. That'd be perfect. Richard, you have some pieces in your presentation too that we can share in our community as well too later?
Richard: Yeah, yeah. That's fine. Go ahead and share.
Shane: Excellent. We'll certainly do that.
Shane: So, thank you very much everybody for joining, and look forward to seeing you at the future meetups, as I said, five of them over the next six weeks or so. Very, very [inaudible 01:00:34] time for us. And thank you so much, Richard. Really entertaining, really informative and great to see the demo of the live coding.
Richard: Okay. Thanks Shane. Excellent one guys.
Shane: Take care, everybody. Bye.