For the past six months we’ve been hard at work on an authentication and user accounts system for Meteor. Today is the day that it all comes together. Meteor 0.5.0, available today, allows you to write secure realtime client-server applications in pure JavaScript. It’s the only system of its kind in the world.

We’re also releasing a new screencast that shows off what it’s like to develop with these powerful new tools. If you liked the first Meteor screencast you should definitely check this one out. We hope you’ll share it with your friends and coworkers too.

We are thankful for the immense amount of support that we received in putting together this release — from those of you on meteor-core and meteor-talk, from those of you who are already using Meteor in commercial environments or making money from Meteor consulting, from everyone who sent pull requests, from those of you that have been giving awesome conference talks and religiously answering questions on Stack Overflow and Quora. Without this support there would be no Meteor. In fact, 0.5.0 contains more community patches than every previous Meteor release combined.

Today’s release includes everything necessary to build and deploy secure applications using Meteor:

New authentication APIs on the server: a Meteor.allow API that controls which data a Meteor client is allowed to change in the database, and hooks that give the Meteor server control over what data it sends to each client. These core APIs operate at the wire protocol layer, so they establish a strong foundation for security.

API that controls which data a Meteor client is allowed to change in the database, and hooks that give the Meteor server control over what data it sends to each client. These core APIs operate at the wire protocol layer, so they establish a strong foundation for security. Meteor Accounts, a state-of-the-art user account system built on top of the core Meteor authentication APIs. Accounts provides a set of high-level APIs to manage user accounts, which are stored in the Meteor.users collection.

collection. Support for the Secure Remote Password protocol. Developed at Stanford, SRP lets a user securely log in to a server without ever sending that server their unencrypted password. The kind of high-profile security breaches at LinkedIn and Pandora earlier this year are impossible with SRP. Instead of asking every application developer to safely store passwords, we’ve baked the very best technology right into Meteor Accounts.

Smart packages for major OAuth login services, including Google, Facebook, Twitter, GitHub, and Weibo. Packages for additional providers are also available on Atmosphere, a repository for community packages.

Accounts UI, a set of login, signup, and password reset forms that drop right into an application with one line of code. Accounts UI also provides configuration wizards for each of the OAuth login packages.