
Bindaas 4.0.0 Release Notes

Tushar Aggarwal edited this page Aug 16, 2019 · 1 revision

Bindaas 4.0.0 is a major Bindaas release. With this release we are introducing a new set of authentication/authorization mechanisms for improved security and scalability. These features are built on top of a new authentication protocol, JSON Web Tokens (JWTs), in contrast to the existing protocol of API Keys. These features are entirely backward compatible and can be turned off by changing the authentication protocol.

Access the Release: Binary and the source code archives

What's New in Release 4.0.0

1. Using JSON Web Tokens for authentication

The user can now switch between two authentication protocols: JWT and API Key. All of the new features in this release are available only when the protocol is set to JWT. Setting the protocol to JWT also allows the user to use auth0. For details, please check Configure Bindaas' Authentication Protocol.

2. Using auth0 as an authentication provider

Bindaas can now be configured to use an external authentication provider, auth0. Bindaas no longer needs to generate/manage tokens. Access Tokens from auth0 can be used to call Bindaas endpoints. To learn more about the advantages and the steps to configure this, please check Configure auth0 with Bindaas.

3. Authorization check for Mongo queries

The user can enable authorization to restrict access to their collections. Only users with specific roles will be allowed to call the Mongo endpoints. This functionality is limited to the Mongo provider at the moment and will be extended soon. To configure this, please check Enable Authorization for Mongo Provider.

4. Role based view of web console

When using API Keys, it is assumed that only administrators can log in to the web console. With the JWT authentication protocol, the web console is rendered as per the role of the logged-in user. Therefore a non-admin user will only be able to manage the access tokens related to their own account, whereas a user with the admin role will be able to manage all active access tokens.

5. Trusted App Client

The trusted-app-client.jar file is now bundled with Bindaas. A new (optional) argument for protocol has been added. For more details, please check the wiki on Bindaas Trusted App Client.