min read

Release Notes - Public Authentication

Today we are announcing public auth for apps without a backend...

Release Notes

The theme of today’s release is about expanding access. We want to meet our customers wherever they are and provide a solution that seamlessly integrates with whatever technologies they choose to use. For many indie apps that don’t have a backend, Parra is completely inaccessible or they need to add major infrastructure (a backend with authentication) to be able to integrate with Parra. Today we are announcing public auth for these companies. The easiest way to get up and running with the Parra SDK for companies without a backend.

What’s New

  • Public API Keys -- you can now create public API Keys in the developer section of the Parra dashboard
  • Public access token endpoint -- you can now use the Parra public access token endpoint to issue access tokens for your users if your app does not have a backend

How to Use Public Auth

To use public auth, head over to the developer section of the Parra dashboard and create a public API key by clicking the more options dropdown and turning on the public toggle. Client SDKs will be able to use the issue public access token endpoint by making a  `POST` request to the `/tenants/:tenant_id/issuers/public/auth/token` route to sign a public access token for a user while providing the id of the user in their system and including the API key ID of a public API key as public authentication.  The endpoint will then sign a public access token using the secret which is never exposed outside of the Parra backend. This is not recommended as it is generally insecure, but it is a valid use case that many client-side SaaS companies use. This access token will be restricted to the tenant user based endpoints (i.e. answering a question or reporting an analytics event) and not general API access. Check out our docs to learn more.

Ian MacCallum