You can now use your Google account to log into the Juno Console, and developers can add the same familiar login experience natively to the projects they are building.
Hey everyone π
Today marks quite a milestone and I'm excited to share that Google Sign-In is now live across the entire Juno ecosystem.
From my perspective, though time will tell, this update has the potential to be a real game changer. It brings what users expect: a familiar, secure, and frictionless authentication flow.
It might sound a bit ironic at first - we're integrating Google, after all - but I'm genuinely happy to ship this feature without compromising on the core values: providing developers secure features and modern tools with a state-of-the-art developer experience, while empowering them with full control over a cloud-native serverless infrastructure.
Authentication is one of those things every product needs but, it's complex, it touches security, and it's easy to get wrong.
Until now on Juno, developers could use Internet Identity, which has its strengths but also its weaknesses. It provides an unfamiliar login flow - is it an authentication provider or a password manager? - and it's not a well-known product outside of its niche.
Passkeys were also added recently, but you only have to scroll through tech Twitter to see that for every person who loves them, there's another who absolutely hates them.
That's why bringing native Google Sign-In to Juno matters. Developers can now offer their users a familiar, frictionless login flow - and let's be honest, most people are used to this signing and don't care much about doing it differently.
At the same time, this doesn't mean giving up control. The authentication process happens entirely within your Satellite, using the OpenID Connect standard.
You can obviously combine multiple sign-in methods in one project, offering your users the choice that best fits their needs.
When it comes to Juno itself, this also matters for two reasons: it potentially makes onboarding - through the Console - more accessible for web developers who don't care about decentralization but do care about owning their infrastructure ("self-hosting"). And it opens the door to future integrations with other providers. I still hope one day to have a better GitHub integration, and this might be a step toward it.
Long story short, it might look like a trivial change - just a couple of functions and a bit of configuration - but it's another step toward Juno's long-term goal of making it possible to build and scale modern cloud products without compromising on what matters most: empowering developers and their users.
At this point, you get the idea: aside from using Google as a third-party provider, there's no hidden βbig techβ backend behind this. Everything else happens within your Satellite.
The credentials you configure - your Google project and OAuth 2.0 Client ID - are yours. In comparison, those used in Internet Identity are owned by the DFINITY Foundation. So, this approach might feel less empowering for end users or more empowering for developers. You can see the glass half full or half empty here.
To validate tokens on the backend, your container needs access to the public keys Google uses to sign them. Since those keys rotate frequently, fetching them directly would introduce extra cost and resource overhead.
That's why the Observatory - a shared module owned by Juno (well, by me) - comes in. It caches and provides Google's public keys, keeping verification fast, efficient, and cost-effective.
Because Juno is modular, developers who want full control or higher redundancy can run their own Observatory instance. Reach out if you're interested.
I tagged a new release as I deployed a new version of the Console UI to mainnet.
Aside from the updated navigation, which now displays the page title within breadcrumb-style navigation, and a few minor fixes, not much has changed feature-wise.
The biggest change in the frontend's codebase, which explains why so many files were touched, is a refactor to adopt the new pattern Iβve been using for DID declarations.
Instead of relying on auto-imported separate types, I now prefer grouping factories in a single module, exporting them from there, and importing the types through a suffixed module DID alias.
You can check out the pattern in Juno's frontend codebase or in the ic-client JS library. If you're curious about it, let me know.
Itβs a small structural shift that makes the code much cleaner and more readable.
Finally, there are a few new E2E tests added in this repo and in the CLI.
This release focuses on frontend changes in the Console:
You can now label your Satellites with environment flags and tags. These appear in the launchpad, switcher, and overview. On the launchpad, they can also be used as search filters to quickly find the right Satellite.
A new navigation feature β called βSpotlightβ or βQuick Accessβ β lets you jump anywhere in the Console or run actions (such as changing the theme) in seconds. Open it with the search icon in the navbar or by pressing Ctrl/Cmd + K.
Hopefully these make building with the Console a little more fun (and faster)!
Authentication is a core part of building any app. Until now, developers on Juno have relied on third-party providers like Internet Identity and NFID. Today we're providing a new option: Passkeys.
This new authentication option is available to all developers using the latest Juno SDK and requires the most recent version of your Satellite containers. You can now enable Passkeys alongside existing providers, and the JavaScript SDK has been updated to make authentication APIs more consistent across sign-in, sign-out, and session management.
Passkeys are a passwordless authentication method built into modern devices and browsers. They let users sign up and sign in using secure digital keys stored in iCloud Keychain, Google Password Manager, or directly in the browser with Face ID, Touch ID, or a simple device unlock instead of a password.
Under the hood, Passkeys rely on the WebAuthn standard and the web API that enables browsers and devices to create and use cryptographic credentials. Passkeys are essentially a user-friendly layer on top of WebAuthn.
When stored in a password manager like iCloud Keychain or Google Password Manager, passkeys sync across a userβs devices, making them more resilient, though this does require trusting the companies that provide those services. If stored only in the browser, however, they can be lost if the browser is reset or uninstalled.
The good news is that most modern platforms already encourage syncing passkeys across devices, which makes them convenient for everyday use, giving users a smooth and safe way to log into applications.
Each authentication method has its strengths and weaknesses. Passkeys provide a familiar, device-native login experience with Face ID, Touch ID, or device unlock, relying on either the browser or a password manager for persistence. Internet Identity and NFID, on the other hand, offer privacy-preserving flows aligned with the Internet Computer, but they are less familiar to mainstream users and involve switching context into a separate window.
In practice, many developers will probably combine Passkeys and Internet Identity side by side, as we do in the starter templates we provide.
Ultimately, the right choice depends on your audience and product goals, balancing usability, privacy, and ecosystem integration.
As you can notice, unlike with existing third-party providers, using Passkeys requires a distinct sign-up and sign-in flow. This is because the WebAuthn standard is designed so that an app cannot know in advance whether the user has an existing passkey, and this is intentional for privacy reasons. Users must therefore explicitly follow either the sign-up or sign-in path.
It is also worth noting that during sign-up, the user will be asked to use their authenticator twice:
once to create the passkey on their device
and once again to sign the session that can be used to interact with your Satellite.
Given these multiple steps, we added an onProgress callback to the various flows. This allows you to hook into the progression and update your UI, for example to show a loading state or step indicators while the user completes the flow.
import{ signUp }from"@junobuild/core"; awaitsignUp({ webauthn:{ options:{ onProgress:({ step, state })=>{ // You could update your UI here console.log("Progress:", step, state); } } } });
Previously, calling signIn() without arguments defaulted to Internet Identity. With the introduction of Passkeys, we decided to drop the default. From now on, you must explicitly specify which provider to use for each sign-in call. This makes the API more predictable and avoids hidden assumptions.
In earlier versions, providers could also be passed as class objects. To prevent inconsistencies and align with the variant pattern used across our tooling, providers (and their options) must now be passed through an object.
By default, calling signOut will automatically reload the page (window.location.reload) after a successful logout. This is a common pattern in sign-out flows that ensures the application restarts from a clean state.
If you wish to opt out, the library still clears its internal state and authentication before the reload, and you can use the windowReload option set to false:
To make the API more consistent with the industry standards, we introduced a new method called onAuthStateChange. It replaces authSubscribe, which is now marked as deprecated but will continue to work for the time being.
The behavior remains the same: you can reactively track when a user signs in or out, and unsubscribe when you no longer need updates.
Passkeys are now available, alongside updates to the authentication JS APIs. With passwordless sign-up and sign-in built into modern devices, your users get a smoother experience.
Check out the updated documentation for details on:
Let me know if anything looks fishy β and happy coding! π¨βπ§
π₯οΈ Two screenshots from the Console new features
The new βNotificationsβ component:
The overall look: collapsible menu, redesigned tabs, more prominent actions, and more.
As a side note on this release: aside from the custom domain feature, I think itβs now possible to configure your entire project β including authentication, data, storage, and emulator β directly within the Juno config file. Plus with type safety as the cherry on top.
This is especially handy for maintainability or if your project can be forked.
Hereβs an example config that shows where and how the project is deployed, which headers to apply to assets, defines the structure of that data, and which image to use when running the emulator with Podman:
