HTTP trigger: how to use authentic JWT?

The client browser sends a request to a Realm HTTP trigger, and is passed a bearer token in the authentication cookie. I would like to verify this with a private key. How can I do this? I don’t see an option for JWT payload verification, but I am quite sure this is possible.

Thanks.

Hi Rishi - you can achieve this by doing the payload verification manually in the function and using the crypto library.

Thank you for replying!

If I have, say, 20 or 30 triggers or quite a number of API endpoints on Realm, I’m sure there would be a better way to verify the JWT header payload? Or do I need to write auth logic for each function?

In the function setting service, is there somewhere where I can set this without writing code, so I only need to specify the algorithm SHA256 and the private key?

Thanks. I’m pretty sure I can but not sure how.

Ah, maybe you’re looking for the JWT Auth provider? That way you can pass it in the header and we’ll validate it for you https://docs.mongodb.com/realm/tutorial/jwt/

You’ll need to set up the provider and the algorithm in the “authentication” section. When an Incoming Webhook has been set to use “application authentication” it will automatically start validating the JWT.

Let me know if this works, otherwise writing it within the function would be the best way, but you can make this simpler by writing one function that is invoked from all your functions.
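The "one function that is invoked from all your functions" approach suggested above, sketched as an added example that is not part of the thread or of Realm's own code. It assumes an HS256 token signed with a shared secret and uses plain Node.js `crypto`; the names `verifyJwtHS256` and `signForDemo` are hypothetical.

```javascript
// Added example: one shared HS256 JWT check that every HTTP-triggered function can call.
const crypto = require("node:crypto");

const b64url = (s) => Buffer.from(s).toString("base64url");

// Returns the claims when the token is valid; throws otherwise.
function verifyJwtHS256(token, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [headerB64, payloadB64, sigB64] = parts;

  let header, claims;
  try {
    header = JSON.parse(Buffer.from(headerB64, "base64url").toString("utf8"));
    claims = JSON.parse(Buffer.from(payloadB64, "base64url").toString("utf8"));
  } catch {
    throw new Error("malformed token");
  }

  // Pin the algorithm on the server side; never let the token choose it.
  if (!header || header.alg !== "HS256") throw new Error("unexpected alg");

  // Recompute the MAC over "header.payload" and compare in constant time.
  const expected = crypto.createHmac("sha256", secret)
    .update(`${headerB64}.${payloadB64}`).digest();
  const given = Buffer.from(sigB64, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }

  // Only trust claims after the signature check; require an unexpired exp.
  if (!claims || typeof claims.exp !== "number" || claims.exp <= nowSeconds) {
    throw new Error("token expired");
  }
  return claims;
}

// Constructed helper that mints sample tokens for the checks; not for production use.
function signForDemo(header, claims, secret) {
  const body = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.createHmac("sha256", secret).update(body).digest("base64url");
  return `${body}.${sig}`;
}
```

Each endpoint then calls the shared verifier first and returns a 401 response when it throws, so the authentication logic lives in one place.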