Data API using Bearer authentication "user does not belong to app"

Hi,

When I authenticate a user using JWT authentication and use the token received in response, I get the following error:

    {
        "error": "user does not belong to app",
        "error_code": "UserAppDomainMismatch",
        "link": "https://realm.mongodb.com/groups/......................."
    }

I am unable to find the cause of this error and hence unable to resolve the same.

Any help appreciated.

Hi @Kaustubh_Joshi3,

Where is the JWT coming from, and how are you using it within the HTTP request? Are you complying with the JWT Authentication for Data API?

If you post the exact request (you can remove the signature part of the JWT, but looking at the payload helps), we may give you a better diagnosis.

Hi Paolo,

Thanks for your response.

I tried various ways to connect using the REST API, initially using Google and then JWT auth.

The below scenarios are with Custom JWT Authentication.

First, I enabled ‘Custom JWT Authentication’ in ‘Authentication Providers’.

Then inside the code,

I receive the token from Google and then I use it in the following way

    const app = new Realm.App({
      id: "app-id",
    });
    
    const credentials = await Realm.Credentials.jwt(response.credential);
    const user = await app.logIn(credentials);
    alert(`Logged in with id: ${user.id}`);
    

I receive the ‘user’ object.

Then, I tried using the ‘user.accessToken’ in my HTTP requests in the following ways:

  1. Bearer Authentication

    let headers = new HttpHeaders({ 'Content-Type': 'application/json', 'Authorization': 'Bearer ' + user.accessToken});

When I use this way, I get a

UserAppDomainMismatch Error

Error:
user does not belong to app

Authentication Method:
Bearer Authentication

  2. jwtTokenString in Header

    let headers = new HttpHeaders({ 'Content-Type': 'application/json', 'jwtTokenString': user.accessToken});

In this case, I get below response

Access to XMLHttpRequest at ‘https://data.mongodb-api.com/app/data-ioyhu/endpoint/data/v1/action/find’ from origin ‘https://…’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

In the network access for the time being all requests are allowed.


I have one query: how come one request passes through (Bearer Auth, even though it gives an error) while the other gets blocked with a CORS error?

Awaiting your advice.

With regards,
Kaustubh

Hi @Kaustubh_Joshi3

This should work, so it’s probable there’s a misconfiguration somewhere in your app setup (the audience, perhaps?). Again, if you can provide the whole raw request, or at least the payload of the JWT, and the app ID you’re trying to connect to, I can check whether everything matches. Feel free to use a private message if there are details you don’t want to share in a public forum.

This however is wrong: you should use jwtTokenString directly with the JWT you get from the outside service, i.e. the whole login process with Realm is redundant.

Let me know how you want to proceed.

For all those referring to this thread.

I shared test payloads with Paolo (from MongoDB) and he helped me understand the cause of the error.

I had created a custom app using App Services and was trying to access the database using DataService API.

Data APIs are part of an app, and are specific (hence different) for each app.
Any newly created app doesn’t have any Data API of its own.

So even though I was able to sign in to the new app, I was using the Data API of the default app, i.e. I was signing in to one app and using the Data API of another.

Hence, I was getting an error ‘user does not belong to app’.

Thanks to Paolo for the help.
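
The cause described in the last post (logging in to one app while calling another app's Data API endpoint) can be checked before any request is sent. The following is an added example, not code from any participant in this thread; it runs under Node.js, its function names and the app ID `myapp-abcde` are hypothetical, and it assumes the endpoint URL shape quoted earlier in the thread and a Custom JWT audience set to the app ID.

```javascript
// Added example (Node.js). Function names and the sample IDs are hypothetical.
// Assumption: Data API URLs look like /app/<app-id>/endpoint/data/..., as in
// the URL quoted in the thread.

// Decode one base64url JWT segment. No signature check: diagnosis only.
function decodeSegment(seg) {
  const b64 = seg.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Drop the signature so the token can be shared without being usable.
function redactJwt(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("expected 3 JWT segments");
  return {
    shareable: `${parts[0]}.${parts[1]}.<signature removed>`,
    payload: decodeSegment(parts[1]),
  };
}

// Extract the app ID that owns a Data API endpoint URL.
function appIdFromDataApiUrl(url) {
  const m = new URL(url).pathname.match(/^\/app\/([^/]+)\/endpoint\/data\//);
  if (!m) throw new Error("not a Data API endpoint URL");
  return m[1];
}

// List mismatches between the login app, the endpoint's app and the JWT.
function checkAppMatch(loginAppId, dataApiUrl, jwt) {
  const findings = [];
  const endpointAppId = appIdFromDataApiUrl(dataApiUrl);
  if (endpointAppId !== loginAppId)
    findings.push(`login app "${loginAppId}" != Data API app "${endpointAppId}"`);
  if (jwt) {
    // Assumption: the Custom JWT provider's audience is set to the app ID.
    const aud = [].concat(redactJwt(jwt).payload.aud ?? []);
    if (aud.length && !aud.includes(endpointAppId))
      findings.push(`JWT aud ${JSON.stringify(aud)} lacks "${endpointAppId}"`);
  }
  return findings;
}

// Constructed sample token (not real): aud names a made-up app "myapp-abcde".
const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const SAMPLE_JWT = `${enc({ alg: "RS256" })}.${enc({ aud: "myapp-abcde" })}.c2ln`;
const DATA_API_URL =
  "https://data.mongodb-api.com/app/data-ioyhu/endpoint/data/v1/action/find";
console.log(checkAppMatch("myapp-abcde", DATA_API_URL, SAMPLE_JWT));
```

An empty result means the login app and the endpoint's app agree; `redactJwt(...).shareable` is the form of the token that is safe to paste into a support thread.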