Realm Blog

Create custom JWT Token & Signing Keys for use as your own Realm Custom Authentication Provider.

Motivation

Prerequisites

Step by step guide

Configure and run the project example

var claims = {
"iss": "http://myapp.com/", // The URL of your service
"sub": "users/user1234", // The UID of the user in your system
"scope": "self, admins",
"aud": "app-id" // Your APP ID
};
signing key: UWaNHq1sR+3HEYyrcqO1MLa4zgtR9mYHW/wRYNsBzKRlqBMUD8U3sLUS0+j2RsN2tfNV4rQhhxfcmNmDldk94EOtDiAxg8By6YUod0fXIgWGykeb7VYg5s/NzS1UTTe8Fj7ddB522HwR3iCz97sF3H2oUW0MFYtJr9eF61MG+ZHbaw4FWeqGwqc9W0is/Q4ceLzBR3ndS+gsT/5sdMVpAt+oVa0Z08WG0BCRJrFyJhcxOkC2UGGGQVxcGUHS/ICP5zgWcOp3/iDswC6MBkl3W1T4BFmGyrBhjArGWaCwo2ae0/Z0rvSkeERgF4+AMFNRIjAYEcERFUhG1kgwL1/vAw==
JWT token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOi8vbXlhcHAuY29tLyIsInN1YiI6InVzZXJzL3VzZXIxMjM0Iiwic2NvcGUiOiJzZWxmLCBhZG1pbnMiLCJhdWQiOiJhcHAtaWQiLCJqdGkiOiI5NzU4YjhmNC0yMGEwLTQ5YjgtOGU0ZS03Njg3M2NhYTVlYmMiLCJpYXQiOjE2MTg2NzM1MjcsImV4cCI6MTYxODY3NzEyN30.TJ4UdpODFBrquoJwTpUIbuYQ30qXUi5PCOhIZzHVfyk
Jwt {
header: JwtHeader { typ: 'JWT', alg: 'HS256' },
body: JwtBody {
iss: 'http://myapp.com/',
sub: 'users/user1234',
scope: 'self, admins',
aud: 'app-id',
jti: '9758b8f4-20a0-49b8-8e4e-76873caa5ebc',
iat: 1618673527,
exp: 1618677127
},
toString: [Function (anonymous)]
}
var signingKey = "UWaNHq1sR+3HEYyrcqO1MLa4zgtR9mYHW/wRYNsBzKRlqBMUD8U3sLUS0+j2RsN2tfNV4rQhhxfcmNmDldk94EOtDiAxg8By6YUod0fXIgWGykeb7VYg5s/NzS1UTTe8Fj7ddB522HwR3iCz97sF3H2oUW0MFYtJr9eF61MG+ZHbaw4FWeqGwqc9W0is/Q4ceLzBR3ndS+gsT/5sdMVpAt+oVa0Z08WG0BCRJrFyJhcxOkC2UGGGQVxcGUHS/ICP5zgWcOp3/iDswC6MBkl3W1T4BFmGyrBhjArGWaCwo2ae0/Z0rvSkeERgF4+AMFNRIjAYEcERFUhG1kgwL1/vAw==";
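// helper is the example project's own module. As the printed token shows,
// createToken signs the claims with HS256 and adds jti, iat and exp.
var jwt = helper.createToken(claims, signingKey);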
console.log(`JWT token: ${jwt} \n`);

Enable & configure Custom JWT Authentication

Authentication providers screenshot
Signing keys section
Settings for the authentication provider

Test the authentication method

'jwtTokenString: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOi8vbXlhcHAuY29tLyIsInN1YiI6InVzZXJzL3VzZXIxMjM0Iiwic2NvcGUiOiJzZWxmLCBhZG1pbnMiLCJhdWQiOiJjYXNlcy1sb2dleSIsImp0aSI6ImMyNjU4NWE2LTBhNTktNGI3ZS05NTA0LTZmNTBlM2U0ZGIzYSIsImlhdCI6MTYxODY3NDI1NywiZXhwIjoxNjE4Njc3ODU3fQ.vfHSXacPPGWvKvEOx7hneLOTj6WQFnJMY8ta_Jo5_QU'
curl --location --request POST 'https://eu-west-1.aws.realm.mongodb.com/api/client/v2.0/app/cases-logey/graphql' \
--header 'jwtTokenString: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOi8vbXlhcHAuY29tLyIsInN1YiI6InVzZXJzL3VzZXIxMjM0Iiwic2NvcGUiOiJzZWxmLCBhZG1pbnMiLCJhdWQiOiJjYXNlcy1sb2dleSIsImp0aSI6ImMyNjU4NWE2LTBhNTktNGI3ZS05NTA0LTZmNTBlM2U0ZGIzYSIsImlhdCI6MTYxODY3NDI1NywiZXhwIjoxNjE4Njc3ODU3fQ.vfHSXacPPGWvKvEOx7hneLOTj6WQFnJMY8ta_Jo5_QU' \
--header 'Content-Type: application/json' \
--data-raw '{"query":"query {\n listingsAndReview {\n _id\n }\n}","variables":{}}'
{
"data": {
"listingsAndReview": {
"_id": "10051164"
}
}
}

Possible errors thrown

The audience not configured correctly

Error:
'"cases-logey"' not present in 'aud' claim

Audience not present

Error:
invalid custom auth token: 'aud' must be a string or array of strings containing the clientAppId

Invalid number of segments

Error:
token contains an invalid number of segments

Signature is invalid

Error:
signature is invalid
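
The four errors listed above can be reproduced locally before a token is ever sent to the app. The Node.js check below is an added example, not code from the original post or from Realm: it signs constructed HS256 tokens and reports which of these messages a token would trigger. The function names sign and diagnose, the demo key, and the order of the checks are assumptions of this example.

```javascript
const crypto = require("node:crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
const hmac = (key, msg) => crypto.createHmac("sha256", key).update(msg).digest();

// Issue an HS256 token; used here only to build constructed test tokens.
function sign(claims, key) {
  const input = `${b64url(JSON.stringify({ typ: "JWT", alg: "HS256" }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${b64url(hmac(key, input))}`;
}

// Return null if the token would pass, else the error text from the list above.
function diagnose(token, key, appId) {
  const parts = token.split(".");
  if (parts.length !== 3) return "token contains an invalid number of segments";
  const [head, body, sig] = parts;
  // The MAC is always recomputed as HS256, so the header's alg field is never trusted.
  const expected = hmac(key, `${head}.${body}`);
  const given = Buffer.from(sig, "base64url");
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    return "signature is invalid";
  // Claims are parsed only after the signature has been verified.
  const { aud } = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  const list = typeof aud === "string" ? [aud] : aud;
  if (!Array.isArray(list) || !list.every((a) => typeof a === "string"))
    return "invalid custom auth token: 'aud' must be a string or array of strings containing the clientAppId";
  if (!list.includes(appId)) return `'"${appId}"' not present in 'aud' claim`;
  return null;
}

// Constructed inputs: the key is made up; the app id and claims follow the page.
const KEY = "constructed-demo-key";
const APP_ID = "cases-logey";
const claims = { iss: "http://myapp.com/", sub: "users/user1234" };
const good = sign({ ...claims, aud: APP_ID }, KEY);

function runDemo() {
  return {
    valid: diagnose(good, KEY, APP_ID),
    wrongAudience: diagnose(sign({ ...claims, aud: "app-id" }, KEY), KEY, APP_ID),
    missingAudience: diagnose(sign(claims, KEY), KEY, APP_ID),
    twoSegments: diagnose(good.split(".").slice(0, 2).join("."), KEY, APP_ID),
    wrongKey: diagnose(good, "some-other-key", APP_ID),
  };
}

console.log(runDemo());
```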

Wrapping everything up

Josman Pérez Expóstio

If I had to sum up my professional interests in one sentence, I could only say that I am passionate about technology.