I would like to use realm-web in the browser to simplify authentication. I also would like to use realm-web on the server to retrieve mongodb data and hide connection and query details.
What is the best way to pass Realm App User credentials from browser to server?
I am trying to experiment with apiKey, but I am not sure how to create an apiKey on the client:
// client
const app = new Realm.App({ id: '<ID>' });
await app.logIn(Realm.Credentials.emailPassword('user@domain.com', 'password'));
await app.currentUser?.apiKeys.create('testKey');
await app.currentUser?.apiKeys.enable('testKey');
const apiKey = await app.currentUser?.apiKeys.fetch('testKey');
// pass apiKey to the server?
and then pass it to the server:
// server
const clientKey = getKeyFromClient();
await app.logIn(Realm.Credentials.apiKey(clientKey));
// invalid API key (status 401)
Hi again. I’m sorry that I didn’t realise this before posting my reply, but it turns out the User constructor actually takes the arguments needed to construct and use a user from credentials transferred from a client to a server.
I’ve put together a small CodeSandbox to show this: realm-web-transfer-user-credentials - CodeSandbox (admittedly it gets a little harry around creation of the mockedServerStorage and serverSideApp, but I need this because two pieces of code is running the the same browser and will be simpler in your implementation)