I would go the direction of having a “registration” api key and the module for registration will use this key to do any query/registration mutation. Any other calls will require a user authentication…
Yes that sounds fine. Just one detail question. What do you mean by “module” ? As far as I can see there is only one MongoDB GraphQL endpoint in my mongodb atlas app that has ONE configuratioon for authentication.
Thee Pavel wrote: " there isn’t a registration process separate from the login process, you call the same function every time," Mmmhh ok, I have to look into that …
Yes that seems to be the only way. It just feels a bit weired. It’s a workaround.
Resgistration and login are two different things. For example at registration the client normally passes more information, such as additonal metadata. For login the client only passis the most basic data (eg. username and password, no additonal name, postal adress or mobile phone number).
Would be nice if MongoDB Atlas would offer a way to actually register a user. (of course this depends on the authentication provide that you use.)
Ok, I got it working. Maybe a workaround. But it does work. HEre is my source code:
/**
* Create a new team and a mongoDB Atlas User
* @param {Object} GraphQL TeamInsertInput { teamName admins { name email mobilephone } }
* @return {Object} error or { team user jwt }
*
* This function uses some `config` variables read from mongodb app values
*/
exports = async (newTeam) => {
console.log("CreateNewTeam (context.user", JSON.stringify(context.user))
// ===== Insert newTeam into DB
var collection = context.services.get("mongodb-atlas").db(config.dbName).collection(config.collection)
let insertResult = await collection.insertOne(newTeam)
// ===== Query team (returned document contains _id !)
let team = await collection.findOne({_id: insertResult.insertedId})
// ====== Create a **new** JWT for the new user
// .... some code with https://www.mongodb.com/docs/atlas/app-services/functions/globals/#std-label-function-utils-jwt
// Keep in mind that the JWT must exactly match you configuration !
// eg. issuer ("iss" claim) must be set correctly if you configured that
// and of course use the correct secret to sign the key
let token = /* ... create JWT ... *//
// Make an authenticated call to Atlas App, so that MongoDB Atlas User is created (automatically)
// https://www.mongodb.com/docs/atlas/app-services/users/create/
let postRes = await context.http.post({
url: config.API_URL,
headers: {
// THIS IS IMPORTANT !!! Need to set the "jwtTokenString" header!
//. "Authentication: Bearer ....." DOES NOT WORK HERE !!
"jwtTokenString": [ token ]
},
body: { query: "{ team { _id teamName} }" }, // just query anything
encodeBodyAsJSON: true
})
// The response body is a BSON.Binary object. Parse it and return.
console.log("response of post: "+ JSON.stringify(postRes))
// Now the new user has also been created in MongoDB Atlas internal user list.
return {
team: team,
user: team.admins[0],
jwt: token
}
}