FrontConf 2020 - Userbase a Privacy First JS SDK

Transcript

1. @mastrolinux FrontConf 2020 Userbase Privacy-first, Open Source, Serverless, JavaScript SDK

   to create secure web applications.

2. @mastrolinux What do they have in common?

3. @mastrolinux What do they have in common?

4. @mastrolinux What do they have in common?

5. @mastrolinux What do they have in common?

6. @mastrolinux They have to manage users! Pretty standard no? Then

   let’s setup and oauth2 backend, or SAML, or OpenID or… Wait what?! You are (probably) a Frontend Engineer (I am not, but I know your pain)

7. @mastrolinux Disclaimer My Frontend experience is ~ 0 I am

   a Cloud Architect and DevOps person I use Linux and Windows and I love Go and Python

8. @mastrolinux Disclaimer But I feel at home here because of

   the CoC

9. @mastrolinux What you (Dev) usually ask me First of all

   you ask me for an SSO, then a Database, and they have to be Simple to Use Secure GDPR Compliant No Backend Required Did I already say “Simple to Use”?

10. @mastrolinux The problem 01 GDPR and CCPA are scaring small

    companies and developers. It is hard to be compliant. 02 Managing users, password resets, login/logout and storing user data has always been a repetitive task. 03 Storing data safely and creating a working scalable backend is still hard for many developers, Serverless and Jamstack are going to be more and more popular.

11. @mastrolinux HISTORY MIT License, we do not fear competition Automatic

    AWS resource creation Super-small API Infinite scalability On Prem and SaaS Users’ data are a liability Existent software are way too complicated There are not many Open Source projects about this Most of them are about communications/chat (Signal API) Every solution is custom made

12. @mastrolinux Then We Made It Obvious

13. @mastrolinux SOLUTION Javascript SDK Few endpoints DBs are private for

    users Unlimited number of users Unlimited number of DBs Thanks to DynamoDB JS SDK Admin API

14. @mastrolinux GETTING STARTED

15. @mastrolinux SETUP AND LOGIN

16. @mastrolinux SIGN-UP

17. @mastrolinux SIGNUP • When a user signs up, the user's

    client generates a random seed. • This random seed has an associated public private key pair. • The user's client also generates an encryption key derived from the user's password. This encryption key is used to encrypt the user's random seed. • The user's client then sends the server the plaintext public key, as well as the user's encrypted random seed

18. @mastrolinux SIGN-IN

19. @mastrolinux USERS’ FORGOT PASSWORD?

20. @mastrolinux DB OPERATIONS

21. @mastrolinux DB OPERATIONS

22. @mastrolinux

23. @mastrolinux END TO END ENCRYPTED

24. @mastrolinux LIVE DEMO WITH SYNC 182 LoC

25. @mastrolinux RESOURCES • Official Repo Userbase • Complete Example Ugliest

    ToDo List • Works with ◦ Svelte ◦ Gatsby ◦ React ◦ Typescript ◦ Your own Framework/Tool

26. @mastrolinux SUMMARY • SSO with Admin Panel • E2E Encryption

    • Infinite Scalability • Database real-time sync • Open Source • On Premise or SaaS

27. @mastrolinux userbase.com twitter.com/mastrolinux medium.com/@mastrolinux THANK YOU!

28. @mastrolinux Founder Daniel Vassallo 8 years at Amazon AWS (Cloudwatch

    Logs) Wrote the Book “The Good Parts of AWS” Wanted more motivation Started Userbase Years at AWS 8 Sharing online 100% Book 1 Twitter Star 90%

29. @mastrolinux Dev Justin Berman Backend Developer ES6 Expert Working during

    the night Writing most of the backend code Node.js Experience 8 ES6 usage 100% Working at night 80% Backend code 75%

30. @mastrolinux Dev Luca Cipriani 6 years at Arduino (CIO) Open

    Source lover Wants to experiment different technologies Helping Userbase with Testing Years at Arduino 6 Sharing online 100% Degrees 0 Manager 50%