Authentication Triggers
Overview
Authentication triggers allow you to execute server-side logic whenever a user interacts with an authentication provider. You can use authentication triggers to implement advanced user management, including storing new user data in your linked cluster, maintaining data integrity upon user deletion, or calling a service with a user's information when they log in.
Example
An online store wants to store custom metadata for each of its customers in MongoDB Atlas. Each customer should have a document in the store.customers collection where metadata about them can be recorded and queried. To guarantee that the collection represents each customer, the store creates an authentication Trigger that listens for newly created users in the email/password authentication provider. When the trigger observes a CREATE event, it passes the authentication event object to its linked function, createNewUserDocument. The Realm Function creates a new document describing the user and their activity and inserts it into the store.customers collection.
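```javascript
exports = async function(authEvent) {
  // Handle to the store.customers collection in the linked cluster
  const mongodb = context.services.get("mongodb-atlas");
  const customers = mongodb.db("store").collection("customers");

  // The event carries the user object and the time the event occurred
  const { user, time } = authEvent;
  const newUser = { ...user, eventLog: [ { "created": time } ] };
  await customers.insertOne(newUser);
}
```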
Configuration
Authentication Triggers have the following configuration options:
Field | Description |
---|---|
Trigger Type | The type of the trigger. For authentication triggers, this value should be set to AUTHENTICATION. |
Trigger Name | The name of the trigger. |
Linked Function | The name of the Realm Function that the trigger executes whenever it fires. The trigger passes the authentication event object that caused it to fire as the only argument to this function. |
Operation Type | The authentication operation type that causes the trigger to fire. |
Providers | A list of one or more authentication provider types. The trigger will only listen for authentication events produced by these providers. |
Authentication Events
Authentication events represent user interactions with an authentication provider. Each event corresponds to a single user action with one of the following operation types:
Operation Type | Description |
---|---|
LOGIN | Represents a single instance of a user logging in. |
CREATE | Represents the creation of a new user. |
DELETE | Represents the deletion of a user. |
Authentication event objects have the following form:
```json
{
  "operationType": <string>,
  "providers": <array of strings>,
  "user": <user object>,
  "time": <ISODate>
}
```
Field | Description |
---|---|
operationType | The operation type of the authentication event. |
providers | The authentication providers that emitted the event. One of the following names represents each authentication provider: Note: Generally, only one authentication provider emits each event. When you delete a user linked to multiple providers, the |
user | The user object of the user that interacted with the authentication provider. |
time | The time at which the event occurred. |
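
The following added example (not part of the original page and not MongoDB's own code) goes beyond the CREATE case shown earlier: it maps each of the three operation types to one write on store.customers, rejects events it does not expect, and stores selected fields instead of the whole user object. The names planCustomerWrite, handleAuthEvent, lastLogin and SAMPLE_EVENT are assumptions, as is keying documents on the user object's id field.

```javascript
// Added example, not MongoDB's own code. planCustomerWrite, handleAuthEvent,
// lastLogin and SAMPLE_EVENT are assumed names; keying on user.id is an assumption.
const HANDLED = new Set(["LOGIN", "CREATE", "DELETE"]);

// Constructed sample event in the form shown above.
const SAMPLE_EVENT = {
  operationType: "CREATE",
  providers: ["local-userpass"],
  user: { id: "u-123", type: "normal", data: { email: "a@example.com" } },
  time: new Date("2020-01-01T00:00:00Z"),
};

// Pure function: turn one authentication event into one collection write.
function planCustomerWrite(authEvent) {
  const { operationType, providers, user, time } = authEvent || {};
  if (!HANDLED.has(operationType)) {
    throw new Error(`unexpected operationType: ${operationType}`);
  }
  if (!user || typeof user.id !== "string" || user.id === "") {
    throw new Error("authentication event has no user id");
  }
  const filter = { id: user.id };
  switch (operationType) {
    case "CREATE":
      // Store only the fields the application needs, not the whole user object.
      return { op: "insertOne",
               args: [{ id: user.id, providers, eventLog: [{ created: time }] }] };
    case "LOGIN":
      return { op: "updateOne", args: [filter, { $set: { lastLogin: time } }] };
    default: // DELETE: remove the document so no orphaned customer data remains
      return { op: "deleteOne", args: [filter] };
  }
}

// Executes the planned write against a collection handle.
async function handleAuthEvent(authEvent, customers) {
  const { op, args } = planCustomerWrite(authEvent);
  return customers[op](...args);
}

// Wiring inside a Realm Function linked to the triggers:
// exports = (authEvent) => handleAuthEvent(authEvent,
//   context.services.get("mongodb-atlas").db("store").collection("customers"));
```

Keeping the event-to-write mapping in a pure function lets it be unit-tested without a Realm app or cluster.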