FrontConf 2020 - Userbase a Privacy First JS SDK

No more DB, no more Auth system, no more backend code to create secure, privacy-first applications. You can be GDPR compliant without worrying about users’ data and enjoy writing your apps instead of dealing with authentication and signups. At Userbase, we created an open-source SDK to manage users.

The really popular Daniel Vassallo (@dvassallo) and a small team of other developers created an open-source, scalable backend to host users’ information in a private and secure way. The whole API is just 12 endpoints, and they can be called from a static page. The documentation is available at https://userbase.com/docs/quickstart/ while the code is on GitHub: https://github.com/encrypted-dev/userbase/

Creating a new app with Signup/Login and multiple DBs per user is a matter of a few minutes. No server-side code is needed; it is really serverless, JAMStack development.

Luca Cipriani

March 21, 2020

Transcript

  1. @mastrolinux FrontConf 2020 Userbase Privacy-first, Open Source, Serverless, JavaScript SDK to create secure web applications.
  2. @mastrolinux What do they have in common?

  3. @mastrolinux What do they have in common?

  4. @mastrolinux What do they have in common?

  5. @mastrolinux What do they have in common?

  6. @mastrolinux They have to manage users! Pretty standard, no? Then let’s set up an OAuth2 backend, or SAML, or OpenID or… Wait what?! You are (probably) a Frontend Engineer (I am not, but I know your pain)
  7. @mastrolinux Disclaimer: My Frontend experience is ~0. I am a Cloud Architect and DevOps person. I use Linux and Windows and I love Go and Python.
  8. @mastrolinux Disclaimer: But I feel at home here because of the CoC
  9. @mastrolinux What you (Dev) usually ask me: First of all you ask me for an SSO, then a Database, and they have to be: Simple to Use, Secure, GDPR Compliant, No Backend Required. Did I already say “Simple to Use”?
  10. @mastrolinux The problem
    01 GDPR and CCPA are scaring small companies and developers. It is hard to be compliant.
    02 Managing users, password resets, login/logout and storing user data has always been a repetitive task.
    03 Storing data safely and creating a working scalable backend is still hard for many developers. Serverless and Jamstack are going to be more and more popular.
  11. @mastrolinux HISTORY
    • MIT License, we do not fear competition
    • Automatic AWS resource creation
    • Super-small API
    • Infinite scalability
    • On Prem and SaaS
    • Users’ data are a liability
    • Existing software is way too complicated
    • There are not many Open Source projects about this
    • Most of them are about communications/chat (Signal API)
    • Every solution is custom made
  12. @mastrolinux Then We Made It Obvious

  13. @mastrolinux SOLUTION JavaScript SDK Few endpoints DBs are private for users Unlimited number of users Unlimited number of DBs Thanks to DynamoDB JS SDK Admin API
  14. @mastrolinux GETTING STARTED

  15. @mastrolinux SETUP AND LOGIN

  16. @mastrolinux SIGN-UP

  17. @mastrolinux SIGNUP
    • When a user signs up, the user's client generates a random seed.
    • This random seed has an associated public/private key pair.
    • The user's client also generates an encryption key derived from the user's password. This encryption key is used to encrypt the user's random seed.
    • The user's client then sends the server the plaintext public key, as well as the user's encrypted random seed.
  18. @mastrolinux SIGN-IN

  19. @mastrolinux USERS’ FORGOT PASSWORD?

  20. @mastrolinux DB OPERATIONS

  21. @mastrolinux DB OPERATIONS

  22. @mastrolinux

  23. @mastrolinux END TO END ENCRYPTED

  24. @mastrolinux LIVE DEMO WITH SYNC 182 LoC

  25. @mastrolinux RESOURCES
    • Official Repo Userbase
    • Complete Example Ugliest ToDo List
    • Works with
      ◦ Svelte
      ◦ Gatsby
      ◦ React
      ◦ Typescript
      ◦ Your own Framework/Tool
  26. @mastrolinux SUMMARY
    • SSO with Admin Panel
    • E2E Encryption
    • Infinite Scalability
    • Database real-time sync
    • Open Source
    • On Premise or SaaS
  27. @mastrolinux userbase.com twitter.com/mastrolinux medium.com/@mastrolinux THANK YOU!

  28. @mastrolinux Founder Daniel Vassallo 8 years at Amazon AWS (Cloudwatch Logs) Wrote the Book “The Good Parts of AWS” Wanted more motivation Started Userbase Years at AWS 8 Sharing online 100% Book 1 Twitter Star 90%
  29. @mastrolinux Dev Justin Berman Backend Developer ES6 Expert Working during the night Writing most of the backend code Node.js Experience 8 ES6 usage 100% Working at night 80% Backend code 75%
  30. @mastrolinux Dev Luca Cipriani 6 years at Arduino (CIO) Open Source lover Wants to experiment with different technologies Helping Userbase with Testing Years at Arduino 6 Sharing online 100% Degrees 0 Manager 50%
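
The sign-up flow from slide 17, as an added sketch that is not code from the talk or from the Userbase SDK. The slides name no algorithms, so Ed25519, scrypt and AES-256-GCM, the use of Node's `crypto` module in place of the browser, and all function names are assumptions; `recoverSeed` goes one step beyond the slide to show that only the password holder gets the seed back.

```javascript
const crypto = require("node:crypto");

// PKCS#8 DER header that wraps a raw 32-byte Ed25519 private key (RFC 8410).
const ED25519_PKCS8_PREFIX = Buffer.from("302e020100300506032b657004220420", "hex");

// The seed deterministically yields the key pair; return the public half (SPKI DER).
function publicKeyFromSeed(seed) {
  const privateKey = crypto.createPrivateKey({
    key: Buffer.concat([ED25519_PKCS8_PREFIX, seed]),
    format: "der",
    type: "pkcs8",
  });
  return crypto.createPublicKey(privateKey).export({ type: "spki", format: "der" });
}

// Encryption key derived from the user's password (assumed KDF: scrypt).
function passwordKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Client side of sign-up. Only `serverRecord` leaves the client:
// the plaintext public key and the seed encrypted under the password key.
function signUp(password) {
  const seed = crypto.randomBytes(32);
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", passwordKey(password, salt), iv);
  const encryptedSeed = Buffer.concat([cipher.update(seed), cipher.final()]);
  const serverRecord = {
    publicKey: publicKeyFromSeed(seed),
    encryptedSeed, salt, iv, tag: cipher.getAuthTag(),
  };
  return { seed, serverRecord };
}

// Client side on a later visit: the stored record is useless without the password.
function recoverSeed(password, rec) {
  const decipher = crypto.createDecipheriv("aes-256-gcm", passwordKey(password, rec.salt), rec.iv);
  decipher.setAuthTag(rec.tag);
  try {
    return Buffer.concat([decipher.update(rec.encryptedSeed), decipher.final()]);
  } catch {
    return null; // wrong password: the GCM tag check fails
  }
}
```

The server-side record contains no password and no plaintext seed, so a leaked database row gives an attacker only an offline password-guessing target, which is why the cost of the password KDF matters in this design.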