MongoDB Stitch - Service for Authentication and Issuing Tokens

Question

As per documentation, there are several Authentication Providers which are available via SDK to authenticate a user.

Regardless of that, I have a few queries to implement Token Based Authentication via configuring External Services.

• Is there a way to create a Service to Authenticate instead of using SDK with clients. Basically, I want to create/configure a Service in Stitch which in-turn authenticate a user against the provided credential and needs to issue a JWT (similar to Custom Authentication Provider in SDK)?
• All other subsequent Service requests are requested with this token which needs to be validated by the service before responding.

The reason is, I want to have all implementations in Single Place (Stitch Services) instead of using several SDK for different clients e.g. Web, Mobile etc.

Answer 1

Is there a way to create a Service to Authenticate instead of using SDK with clients

Currently, no. This is because an application needs to be authenticated first before being able to utilise Stitch Services.

Depending on the application requirements, the application could try to use Anonymous Authentication to access an External Service for your custom authentication. Although this means:

• You need to handle the service actions returns as authentication
• Other aspects of applications (functions, services, etc) are also available with anonymous authentication. Adjust rules appropriately.

Depending on the application use case, it's likely safer to write Custom Authentication for multiple clients.