How Custom Authentication Works in MongoDB Stitch
Following MongoDB Custom Authentication, it is given that any JWT Token with the minimal below fields works with the MongoDB Stitch Authentication. Also, token needs to be issued by External Authentication System
{
"aud": "<stitch app id>"
"sub": "<unique user id>",
"exp": <NumericDate>,
}
I've tested this and it works as well
- Created Stitch App and enabled Users with
Custom Authentication Provider - Generated Sample Token through Jwt.io with the below inputs. (Use same algorithm and key as configured when enabling Custom Authentication Provider, Here it is, HS256 and the )
It works in the way,
- It is validating the users in MongoDB Stich Users Collection with the unique
valueprovided insub:"sub": "<unique user id>"and if the user is present then it returning the Object Id for that User. - If the user is not present then it is creating one against the input and returning the Object Id.
Queries are,
- Why it is creating a new user instead of returning login failure, which in turn works like any user can log in with any credentials on demand?
- If
MongoDB Stitch Custom AuthenticationinvolvesExternal Authentication Systemto issueJWT, where the user data will be actually stored when user registration? -MongoDB Stitch App CollectionorExternal Authentication API System?
Here is the response from MongoDB Support
Why is Stitch creating a new "User"
The "User" Stitch creates in this scenario is an internal user. This "user" also contains the user data and metadata provided from the JWT and is not stored alongside your other collections in the Atlas cluster your application is linked against. Note that this "user" is not accessible to MongoDB without using a trigger or other function to load it into the database.
Why isn't a login failure returned
A login failure is not being returned because the custom authentication provider is only checking the signed JWT from the external system against its own copy of the signing key. If the signatures match then the login is deemed successful.
It is the responsibility of the external authentication provider to fail the login; not Stitch.
Where will the user data actually be stored
The user data should be managed within your database. The most efficient way to integrate this with the Custom Authentication provider is to use an Authentication Trigger on Create and/or Login operation types. This would allow you to run a Stitch Function any time an authentication event is triggered.
There is an example of using authentication triggers on the MongoDB blog which may help explain the process further.
- In MongoDB's pymongo, how do I do a count()?
- How to Set TTL in MongoDB uing C# MongoDriver
- Does mongodb community operator supports sharding architecture?
- Spark read from MongoDB and filter by objectId indexed field
- How to install Robomongo from tar.gz file as a program in Ubuntu 15.10
- Couldn't save data in to mongodb
- $setIsSubset for regular queries in Mongo
- In hosting Next.js app to Vercel, backend API is not working
- Error: querySrv ENOTFOUND _mongodb._tcp.dbname.fzofb.mongodb.net
- Installing MongoDB with Homebrew
- Difference between count() and find().count() in MongoDB
- Mongoose error: lodash bind no longer accepts a callback function
- mongoose model.save() return TypeError: callback is not a function
- How can I generate an ObjectId with mongoose?
- Can't use mongo command, shows command not found on mac
- Mongo Compass find elements containing a list where properties match
- Get Index of Sub Array in MongoDB
- Getting com.mongodb.MongoSocketReadException: Prematurely reached end of stream- MongoDB
- Point not a valid property - MongoDB & Grails 3.3+
- How to set different TTL for every document in MongoDB
- How do I use a guid in a mongodb shell query
- How to prevent race conditions with upsert=True in MongoDB when avoiding conflicting entries?
- Order by based on field created by relationship
- Error connecting to MongoDB on Render.com: MongooseServerSelectionError
- Mongodb v4.0 Transaction, MongoError: Transaction numbers are only allowed on a replica set member or mongos
- How do i mock MongoDb Connection and Test it
- Query CosmosDB document using C#
- MongoDB have an integer always be positive
- Convert string to double and compare with in array of objects
- Mongoose, updating a single element in array of numbers