Hello @Nick_Olson
Thank you for joining the MongoDB Forum community - My name is Josman and I am happy to assist you with your question.
GraphQL requests are authenticated using a Realm Access Token (passed as “Authorization: Bearer” header) or using one of the less recommended approaches: “api-key” header, basic authentication with email/password, or passing “jwtTokenString” header with the full JWT token.
Under the hood, when you use the recommended way to authenticate GraphQL requests, you need to generate an access_token first. Therefore, you will need to use one of the authentication providers Realm offers to issue an access_token.
Following my previous example, if I use the email/password provider, I would need to generate a user token:
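```javascript
// `app` is the Realm.App instance created in the previous example.
async function authenticate() {
  try {
    // Log in with the email/password provider to obtain a user and its access token.
    const credentials = Realm.Credentials.emailPassword("<email>", "<password>");
    const user = await app.logIn(credentials);
    console.log(`access token: ${user.accessToken}`);
    return user.id;
  } catch (err) {
    console.error(err);
  }
}
```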
And use that access_token to perform a GraphQL request:
```bash
curl --location --request POST 'https://eu-west-1.aws.realm.mongodb.com/api/client/v2.0/app/<app_id>/graphql' \
  --header 'Authorization: Bearer <access_token>' \
  --header 'Content-Type: application/json' \
  --data-raw '{"query":"query ..."}'
```
Calls to functions using Application Authentication via HTTPS endpoints can only be authenticated using “api-key” header, basic authentication with email / password, or passing the JWT with the “jwtTokenString” header.
When calling a Realm Function with application authentication, i.e., execute with the permissions of the user calling the function, we need to be authenticated first by using one of the authentication providers previously mentioned and using the authenticated user to call the Realm Function which will have the inherited access_token:
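```javascript
// `app` is the Realm.App instance created in the previous example.
async function authenticate() {
  console.log("AUTHENTICATE");
  try {
    const credentials = Realm.Credentials.emailPassword("<email>", "<password>");
    const user = await app.logIn(credentials);
    // The function runs with the permissions of the logged-in user.
    // arg1 and arg2 stand for the arguments your function expects.
    const resultOfCallFunction = await user.callFunction("<function name>", [arg1, arg2]);
    return user.id;
  } catch (err) {
    console.error(err);
  }
}
```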
If this understanding is correct, why can’t the authentication approach be aligned between GraphQL and HTTPS endpoints? Why require me to get an access_token for GraphQL queries if I can’t use it for HTTPS endpoint requests?
In the end, both authentication methods are aligned. Thus, both will benefit from the authentication providers you are enabling in your Realm App.
Please let me know if you have any additional questions or concerns regarding the details above.
Kind Regards,
Josman
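The credential rules described in the post above, as an added example that is not part of the original post or MongoDB's code: it picks the header for each request type, refuses a Bearer access token for an HTTPS endpoint, and redacts secrets before logging. The header names come from the post; the function names, target names, and sample token are assumptions, and email/password is left out because the post does not name its headers.

```javascript
// Added example. Names below (ACCEPTED, buildAuthHeaders, redactHeaders) are hypothetical.
// Which credential kinds each request type accepts, as stated in the post.
const ACCEPTED = {
  graphql: ["bearer", "apiKey", "jwt"], // Bearer access token is the recommended option
  httpsEndpoint: ["apiKey", "jwt"],     // Application Authentication: no Bearer access token
};

// Header name and value for each credential kind (header names are from the post).
const HEADER_FOR = {
  bearer: (v) => ["Authorization", `Bearer ${v}`],
  apiKey: (v) => ["api-key", v],
  jwt: (v) => ["jwtTokenString", v],
};

function buildAuthHeaders(target, kind, secret) {
  const accepted = ACCEPTED[target];
  if (!accepted) throw new Error(`unknown target: ${target}`);
  if (!accepted.includes(kind)) {
    throw new Error(`${kind} credentials are not accepted for ${target}`);
  }
  // Reject empty values and CR/LF so a credential cannot inject extra headers.
  if (typeof secret !== "string" || secret.length === 0 || /[\r\n]/.test(secret)) {
    throw new Error("credential must be a non-empty single-line string");
  }
  const [name, value] = HEADER_FOR[kind](secret);
  return { "Content-Type": "application/json", [name]: value };
}

// Copy of the headers that is safe to write to logs: secrets are masked.
function redactHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    const lower = name.toLowerCase();
    if (lower === "authorization") {
      out[name] = value.replace(/^(\S+)\s+.*$/, "$1 [REDACTED]");
    } else if (lower === "api-key" || lower === "jwttokenstring") {
      out[name] = "[REDACTED]";
    } else {
      out[name] = value;
    }
  }
  return out;
}

// Constructed sample token, not a real credential.
const sample = buildAuthHeaders("graphql", "bearer", "constructed.sample.token");
console.log(redactHeaders(sample));
```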