Like the user linked below, I need the ability to do user administration client-side.
Administrate Realm users on client
While Custom Function Authentication opens a door for that, I found it difficult in practice to get everything working in a streamlined way. I’m outlining my process here in the hopes 1) that it might be helpful to others dealing with these issues and 2) that someone can potentially offer more appropriate solutions for some of my problems because many of my solutions feel like hacks.
Overall, it feels like everything surrounding Custom Function Authentication is a little half-baked, though hopefully I’m just missing something.
Problem: Realm provides no client-side tools for user management.
Solution: Create your own user collection, then use a Custom Function Authentication. But…
Problem: Managing custom users (writing rules, dealing with permissions, etc.) is difficult because the relationship between Realm Users and custom users isn’t very robust.
Solution: Enable Custom User Data and point it to your user collection so that all of your user data is in user.customData
. But…
Problem: The User ID Field that Realm looks at in the Custom User Data collection doesn’t exist initially. Further, Authentication Triggers do not seem to support Custom Function Authentication, making it difficult to create a relationship between a Realm User and your Custom User Data collection.
Solution: Create a function that uses context.user.identities[0].id
to find the appropriate entry in your Custom User Data collection and populate it with the Realm User ID. Then call this function client-side after every login, followed by user.refreshCustomData()
. Now user.customData
will work for server-side rule authoring and for client-side tasks. This is the most frustrating hack by far.
Problem: There seems to be no way to fail a Custom Function Authentication gracefully. Either you return a proper value for a new/existing user, or it just fails, so you can’t return any useful info about why the attempt was invalid.
Solution: Call the authentication function from a webhook first to find any potential issues, then use Custom Function Authentication only if there are no problems.
Unsolved/Minor Issues
-
user.data
is empty for Custom Function Authentication users. You can still look incontext.user.identities[0]
, but it could be annoying if you have multiple identities. -
The Realm Users page doesn’t show any useful info for Custom Function Authentication users. At a minimum it would ideally show the internal id used to create it (
context.user.identities[0].id
). -
Deleting a user from the custom collection leaves a Realm user behind. Presumably I could fix this by building a clean-up tool with the Admin API.
That’s where I am so far and things are more or less working, though I am very open to feedback or alternative solutions.