Authentication without the SDK

John_Saigle · September 11, 2020, 11:30pm

Hi,

I am working on a game that will be making heavy use of cloud data. We are currently using Realm and Atlas.

We are developing in Unreal Engine which does not have a Realm SDK. As a result I have been trying to develop a NodeJS server that will act as a “gateway” to Realm functionality. The idea is for the game to make requests to an endpoint like ourapi.com/user/login which will then authenticate using the NodeJS SDK behind the scenes.

As I am researching this approach I am realizing that there will likely be a problem with session management. My understanding after a lot of digging through documentation is that Realm will store users locally, in the case of Node in a folder on the server. Only one user can be “Active” and any database interactions will happen in the context of that user.

I am imagining a scenario like the following:

User A authenticates to the Node API
Node API logs into Realm. The active user is set to User A.
User B authenticates to the Node API
Node API logs into Realm. The active user is set to User B.
User A requests to see their profile from the Node API

What happens next? Will Realm return User B’s data instead of User A because only one user can be active at once? How can multiple users be active at a time?

I would really appreciate guidance here.

Ian_Ward · September 12, 2020, 1:04am

@John_Saigle What do you mean by Active user here? Can you explain more? I believe you are actually try to call login() with the user’s credentials and the open the realm as that user? For this kind of architecture we typically recommend that node.js server logs in to MongoDB Realm as an administrator role. From there, it can open any user’s realm and serve that data via its REST interface to the correct user.

John_Saigle · September 14, 2020, 1:57pm

Thanks for the quick reply.

I’m using the term “active user” based on this documentation: https://docs.mongodb.com/realm/authentication/#active-user

So if I understand you correctly, the nodeJS server would have a single user, e.g. db_user that would handle retrieving the data from Realm and that the logic on the server would return those results as JSON responses.

That makes sense to me in terms of data access. However, this means that it’s not possible to take advantage of Realm’s session management or login functionality, right? Because there’s only db_user, no other user would be logging into Realm.

Ian_Ward · September 14, 2020, 9:30pm

Yeah - that’s generally correct because you are essentially injecting a middleware server in between the Realm clients and the server-side Ream cloud so you need to implement your own session management. One thing you might want to consider is using Realm cloud’s webhooks since they could be used for GETs and POSTs - not sure how complicated you wanted this middleware logic to be but it could work for you -
https://docs.mongodb.com/realm/services/http/index.html

John_Saigle · September 14, 2020, 9:44pm

Fair enough. Thanks for clarifying.

kraenhansen · September 15, 2020, 8:26am

Out of curiosity, what APIs of the SDK would you want expose via your Node.js server? Are you planning on using Realm Sync or are you only accessing data via the “MongoDB service” apis?

In general all APIs exposed on a specific “user” object in the SDKs should request in the context of that user and not the active user. The active user is ment more as a shortcut for people developing apps where a single user is active at any given time.

That being said, I am also a bit curious why you want to add a “gateway” in front of the Realm services? Is this because you have your own authentication scheme? Then you might benefit from using a custom JWT provider. As your use case is a game, I hope you’re also considering the downside to this approach, namely that your users will experience a higher latency and your setup won’t benefit from the ability to globally deploy your MongoDB Realm app (again lowering the latency).

John_Saigle · September 15, 2020, 2:23pm

We’re planning to have a cloud component to our games. For example a user might have a character unlocked from in an in-game store. This character may have a specific outfit they can be configured to wear.

We would use Realm to, for example, allow someone to customize their character in a web app or in an app on their phone. They would be using Realm login to access their account details on Atlas. This same process would be used to login from an HTTP call from within the game.

The idea for a “gateway” was a solution to there being no “Unreal Engine Realm SDK”. We thought it would be possible for the engine to make HTTP calls to the NodeJS API which would access Realm under the hood. However with only one active user this isn’t possible as the server would need to have some kind of session management middleware as your colleague pointed out.

In addition to the login APIs we were using some webhooks and database triggers within Realm. We used remoteMongoClient for data access for users.

Ultimately since it looks like this isn’t really the proper use case for Realm we’ll likely move away from Realm and use a different method to access Atlas data via the back-end.