Affordable Authentication for MongoDB App Services

Richard Krueger
5 min read · Aug 4, 2023

The Cosync JWT authentication server, developed as a self-hosted solution, addresses the inherent risks associated with conventional SaaS authentication services. Its design objectives encompass a range of goals, including but not limited to:

· Open Source (MongoDB Server Side Public License SSPL).

· Self-hosted on developer’s infrastructure stack.

· Affordable costs — not metered by the number of users.

· Operable from a command line interface.

· Exportable user credentials.

This article is a continuation of a story I published a few weeks ago, titled “MongoDB Authentication Demystified.” That earlier article provided an extensive overview of authentication systems for mobile and web cloud-based applications.

Open Source

Cosync Inc, based in Cary, North Carolina, wholeheartedly embraces the principles of the open-source community. The company’s approach to monetization revolves around providing tailored software enhancements to its open engines, software support, and subscriptions to the Cosync Portal. The Cosync Portal serves as a web-based user interface tool for managing COSYNC JWT hosts. To ensure accessibility, the subscription for the Cosync Portal is priced affordably at $29 per month, per developer seat. Cosync’s goal is to build a strong programming community around its self-hosted COSYNC JWT server offering.

git@github.com:Cosync/CosyncJWT-Server.git

For developers who are familiar with MongoDB Atlas and Microsoft Azure, setting up this product is a straightforward process. Cosync made the decision to release the software under the MongoDB Server Side Public License (SSPL) as it is a partner of MongoDB and develops various complementary tools for MongoDB developers around the Realm database. You can find a detailed description of the SSPL license here.

In essence, the SSPL license shares similarities with the GNU AGPL license, but it provides stronger safeguards against a third party offering the self-hosted COSYNC JWT product as a service without contributing modifications back to the community.

Self-Hosted Architecture

The main distinction between the self-hosted COSYNC JWT authentication server and traditional SaaS authentication providers lies in the hosting aspect. With COSYNC JWT, the authentication service is operated and managed by the developer on their own servers. While Microsoft Azure is the recommended server framework, COSYNC JWT is compatible with any Linux box supporting Node.js. The self-hosted server offers an HTTPS URL for communication between the Cosync Portal and the developer’s applications. The underlying database used by the self-hosted COSYNC JWT server is always a MongoDB Atlas cluster owned and operated by the developer. Cosync takes advantage of MongoDB and Azure’s scalability, availability, and security features. By shifting the user growth overhead to the developer’s infrastructure, Cosync can offer a straightforward and affordable pricing model. Unlike most SaaS authentication providers, Cosync charges based on the number of developers rather than metering users.

By opting for the self-hosted COSYNC JWT solution, developers gain a significant level of control over their infrastructure stack. One notable advantage is the absence of dependency on a proprietary service that might unpredictably raise prices in the future. The self-hosted COSYNC JWT server is open source and operates on the developer’s own servers. Even if Cosync, Inc were to cease operations, the developer’s application would continue to function. The only charges incurred are for accessing the Cosync Portal, an administrative panel that facilitates configuration of Cosync hosts and applications through an intuitive graphical user interface. If the Cosync Portal becomes inaccessible, developers can still use the COSYNC JWT command line interface (CLI) to manage their self-hosted server.

Another benefit is that all user credentials and associated metadata are stored within a MongoDB Atlas cluster rather than being held behind a SaaS authentication provider’s firewall. This allows developers to inspect and manipulate user data using the comprehensive toolset provided by MongoDB Atlas, as well as seamlessly integrate it into other backend systems.

Figure: Typical SaaS authentication firewall

Lastly, if a developer decides to switch to a different authentication provider, the user credentials linked to a host can be exported to a collection of CSV files. While it would be regrettable to see a developer leave the COSYNC JWT ecosystem, the company would accept their decision without heartbreak.

In terms of server scalability, the COSYNC JWT authentication solution can scale as effectively as Microsoft Azure, which offers high scalability based on the developer’s allocated resources and associated costs. Similarly, from a data perspective, the scalability of COSYNC JWT aligns with MongoDB Atlas, a highly scalable database platform.

Regarding security, COSYNC JWT inherits the robust security measures implemented by MongoDB. It is expected that developers will apply the same level of diligence in securing Cosync JWT user data as they would with their application data stored on MongoDB Atlas. Notably, MongoDB Atlas employs IP whitelisting, making it challenging for external parties to breach the system’s defenses.
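
An added example (not from the original article or the Cosync project): a small Node.js check that audits an Atlas IP access list for entries that undo the allow-listing described above. The field names (`cidrBlock`, `ipAddress`, `comment`) follow the shape of the Atlas project IP access list; the sample entries and the prefix thresholds are constructed assumptions.

```javascript
// Constructed sample entries, shaped like an Atlas project IP access list.
const sampleAccessList = [
  { cidrBlock: "203.0.113.10/32", comment: "CosyncJWT server (constructed)" },
  { ipAddress: "198.51.100.7", comment: "developer workstation (constructed)" },
  { cidrBlock: "0.0.0.0/0", comment: "temporary - allow from anywhere" },
  { cidrBlock: "10.0.0.0/8", comment: "whole private range" },
  { cidrBlock: "::/0", comment: "IPv6 anywhere" },
];

// Widest prefixes accepted without review (assumption: tune to your network).
const MIN_PREFIX_V4 = 24;
const MIN_PREFIX_V6 = 64;

// Turn one entry into { raw, isV6, prefix }, or null if it is not an IP/CIDR.
function parseEntry(entry) {
  const raw = entry.cidrBlock || entry.ipAddress;
  if (!raw) return null;
  const [addr, prefixText] = raw.split("/");
  const isV6 = addr.includes(":");
  const fullLen = isV6 ? 128 : 32;
  let prefix = fullLen; // a bare address is a single host
  if (prefixText !== undefined) {
    prefix = /^\d+$/.test(prefixText) ? Number(prefixText) : NaN;
  }
  if (!Number.isInteger(prefix) || prefix > fullLen) return null;
  return { raw, isV6, prefix };
}

// Return one finding per entry that is open to the world, too wide, or unparseable.
function auditAccessList(entries) {
  const findings = [];
  for (const entry of entries) {
    const parsed = parseEntry(entry);
    const label = entry.cidrBlock || entry.ipAddress || "(none)";
    if (parsed === null) {
      findings.push({ entry: label, severity: "review", reason: "not a parseable IP or CIDR" });
    } else if (parsed.prefix === 0) {
      findings.push({ entry: label, severity: "critical", reason: "open to every address" });
    } else if (parsed.prefix < (parsed.isV6 ? MIN_PREFIX_V6 : MIN_PREFIX_V4)) {
      findings.push({ entry: label, severity: "warning", reason: `prefix /${parsed.prefix} is very wide` });
    }
  }
  return findings;
}

console.log(auditAccessList(sampleAccessList));
```
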

The self-hosted COSYNC JWT authentication server is particularly well-suited for smaller mobile applications that have relatively simple authentication requirements and a limited budget to invest in a comprehensive SaaS authentication provider. While there are certain authentication categories, such as fintech software or medical records access, where COSYNC JWT may not serve as a direct replacement for Okta’s Auth0 product or other SaaS providers, there are numerous applications that don’t necessarily require the same level of sophistication or incur high costs.

Take, for instance, applications such as a login system for a swimming pool controller, which may not necessitate the intricacies or costs of advanced authentication solutions. In such cases, Cosync JWT steps in to offer an open-source alternative that effortlessly integrates into a MongoDB developer’s stack at a considerably lower expense. We extend a warm invitation to MongoDB developers to explore and utilize our product for free at https://cosync.io.

The COSYNC JWT system provides the following authentication features for MongoDB software developers:

  • Email login/signup
  • Email identity verification through SendGrid
  • Username handles
  • Two-factor phone verification through Twilio
  • Two-factor Google Authenticator verification
  • Onboarding through invitation
  • Customized email/SMS templates
  • Multi-language support
  • REST API to authentication system
  • iOS, Android, and React Native SDKs to REST APIs
  • Sample applications for iOS, Android, and React Native
  • Configuration of MongoDB App Services through Portal
  • Export of User database to CSV files
  • Anonymous login
  • User Metadata fields integrated with MongoDB App Services
  • Password requirement enforcement
  • Customization of no-reply email
  • User dashboard
  • Event logs to authentication system

For developers seeking to evade the drawbacks of costly authentication systems and embrace the security of public/private key encryption, COSYNC JWT could be the ideal path to an affordable future. Bid farewell to the confines of expensive SaaS authentication and embark on a journey towards liberation. Let COSYNC JWT unlock the door to a budget-friendly and liberating horizon ahead.


Richard Krueger

I have been a tech raconteur and software programmer for the past 25 years and an iOS enthusiast for the last eight years. I am the founder of Cosync, Inc.