October 30, 2023

Momento Topics just got more secure: introducing embedded token identifiers

Build more secure and efficient pub/sub systems with token identifiers in Momento Topics.
Pratik Agarwal
Allen Helton

We’re excited to announce a significant enhancement in our Momento Topics authentication system: the ability to embed identifiers within Momento tokens. This advancement fortifies security and streamlines the authentication process, marking a move towards a more efficient user verification mechanism.

Now, instead of transmitting sensitive user identifiers like usernames or emails with every interaction, the identifier is encapsulated within the token itself. This transition not only marks a reduction in data transfer costs but also optimizes the user verification process, making it more straightforward and secure.

Creating an identifiable token

The process begins with the user's first interaction: the username is passed to the token generation API, generateDisposableToken, which embeds it in the token as the identifier. This ensures a secure and seamless identification process in every subsequent interaction.


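// Assumes the Node.js SDK package; adjust the import if you use a different Momento SDK.
import { AllCaches, AllTopics, AuthClient, DisposableTokenScope, ExpiresIn, TokenScopes } from '@gomomento/sdk';

// Wrapper name is illustrative; authClient is an already-configured AuthClient.
async function generateTokenFor(authClient: AuthClient, username: string) {
  // Publish/subscribe on every cache and topic; narrow both for least privilege.
  const tokenPermissions: DisposableTokenScope =
    TokenScopes.topicPublishSubscribe(AllCaches, AllTopics);

  const tokenExpiresIn: ExpiresIn = ExpiresIn.minutes(30);

  return await authClient.generateDisposableToken(
    tokenPermissions,
    tokenExpiresIn,
    { tokenId: username }, // optional identifier
  );
}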
 

Use Cases

Audit Trails

Embedding identifiers opens the door to robust audit trails. Each user action is now uniquely associated with an identifier, simplifying the task of tracing activities back to individual actors. This is fundamental for compliance, forensic investigations, and ensuring system transparency and accountability.

Unique Actor Identification

Moreover, this new capability shines in uniquely identifying actors within our system, establishing a secure and unmistakable identification mechanism. This is crucial in scenarios demanding precise user identification, such as financial transactions or sensitive data access.

Secure E-commerce Transactions

In the e-commerce realm, embedding identifiers facilitates secure identification of customers during transactions, enhancing both security and data integrity.

Case Study: Chat 

Our chat application serves as a practical illustration of embedding identifiers within Momento tokens. The enhancement mitigates security risks associated with sending messages as the sender’s identity is now securely verified via the token. For a deeper dive into the implementation, check out the repository and revisit our previous blog post on the chat application.
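The receiving side of the audit-trail and chat cases above can be sketched as follows. This is an added example, not code from the Momento chat repository; `DeliveredItem` is a constructed stand-in for a delivered message, and the assumption is that the service supplies `tokenId` from the publisher's token while the payload (including any `from` field) is client-controlled.

```typescript
// Constructed stand-in for a delivered topic message (not an SDK type).
// Assumption: tokenId is attached by the service from the publisher's
// token; payload is whatever the publishing client chose to send.
interface DeliveredItem { payload: string; tokenId?: string }

type Verdict = 'ok' | 'claim-mismatch' | 'unidentified' | 'malformed';

interface AuditRecord {
  actor: string | null;   // identity taken from the token only
  claimed: string | null; // identity the payload asserted, if any
  text: string | null;
  verdict: Verdict;
}

function attributeMessage(item: DeliveredItem): AuditRecord {
  const actor = item.tokenId ? item.tokenId : null;
  let body: unknown = null;
  try { body = JSON.parse(item.payload); } catch { body = null; }
  if (typeof body !== 'object' || body === null) {
    return { actor, claimed: null, text: null, verdict: 'malformed' };
  }
  const fields = body as Record<string, unknown>;
  const claimed = typeof fields['from'] === 'string' ? (fields['from'] as string) : null;
  const text = typeof fields['text'] === 'string' ? (fields['text'] as string) : null;
  if (text === null) return { actor, claimed, text, verdict: 'malformed' };
  // No identifier in the token: never fall back to the self-asserted name.
  if (actor === null) return { actor, claimed, text, verdict: 'unidentified' };
  const verdict: Verdict =
    claimed !== null && claimed !== actor ? 'claim-mismatch' : 'ok';
  return { actor, claimed, text, verdict };
}

function auditTrail(items: DeliveredItem[]): AuditRecord[] {
  return items.map(attributeMessage);
}

// Constructed sample deliveries.
const sampleItems: DeliveredItem[] = [
  { tokenId: 'alice', payload: '{"text":"hi"}' },
  { tokenId: 'mallory', payload: '{"from":"alice","text":"meeting moved"}' },
  { payload: '{"from":"bob","text":"hello"}' },
  { tokenId: 'bob', payload: 'not json' },
];
for (const r of auditTrail(sampleItems)) {
  console.log(`${r.verdict} actor=${r.actor} claimed=${r.claimed}`);
}
```

A `claim-mismatch` record keeps both names, so the audit trail shows who actually published and whom they claimed to be.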

Conclusion

The ability to embed identifiers in Momento tokens is a meaningful stride towards a more secure and efficient user verification landscape. We invite you to explore the updated authentication system and share your invaluable feedback as we continue improving the security and efficiency of our digital environment.

Embark on this journey with us towards enhanced security and efficiency. Every step towards a more secure authentication mechanism is a step towards delivering a better user experience. 

Our team is always ready to assist you as you navigate through this new authentication landscape—reach out on Discord with any questions. Happy authenticating!

Author
Pratik Agarwal

Pratik is a software engineer at Momento, specializing in distributed systems. With a rich background spanning roles at prominent teams like AWS DynamoDB and Marketplace, he has honed his expertise across the backend stack. Now at Momento, Pratik is on a mission to elevate the developer experience, rooted in his conviction that it's a cornerstone of serverless computing. Beyond the code, he is passionate about kickboxing and cricket, and loves delving into the strategic nuances of poker, always seeking the upper hand at the table.

Author
Allen Helton

Allen is an Ecosystem Engineer at Momento. He comes from over a decade of experience working in the public sector tech industry where he played a key role in advancing the adoption of modern technology in the space. Allen drives API-first development and pushes for best-in-class developer experience for customers. When he's not talking about serverless, you can find Allen tending to his homestead. Between feeding the chickens, working in the garden, or building fences, Allen is always outside learning something new and teaching his kids some lessons along the way.
