Getting the Token ID

Winston_Zhao · December 7, 2020, 11:17am

I’m using the Realm SDK Google Auth RedirectURI. I’m getting the user data, accessToken, and refreshToken. What I’m not getting is the tokenId so that I can validate the session with my backend API.

I was using react-google-login with Mongo Anonymous login. I could use that tokenId to validate the session. I can’t seem to accomplish the same thing with Realm SDK redirect. I would have passed the AuthCode to Realm SDK, but that doesn’t work either based on this post.

My frontend is ReactJS. The backend is NodeJS. Here’s what I’m trying to accomplish.

Login Snippet:
const credentials = Realm.Credentials.google(redirectURI);
const user = await app.logIn(credentials);

Redirect Snippet:
handleAuthRedirect();

Fetch:
fetch(url, { method, headers, body: {...data, tokenId} });

API:
const client = new OAuth2Client(CLIENT_ID);
const ticket = await client.verifyIdToken({
idToken: token,
audience: CLIENT_ID,
});

kraenhansen · December 7, 2020, 11:59am

First off - welcome to the forum
and thanks for your patience on this.

The access and refresh tokens that are available on a user instance after authentication are JWT which are scoped to MongoDB Realm and as such, we don’t provide the public key to validate their authenticity, making it impossible to pass these to your backend to verify them.

One way to authenticate with Google OAuth 2.0 and get access to the idToken for your backend component is to use the Google Platform Library (or alternatively the React library react-use-googlelogin which provides a React hooks API around it) to sign in. Once authenticated you can use the getAuthResponse method on the User returned from the Google Playform Library (or simply the idToken property on the user in case you use the react-use-googlelogin package) to get the OpenID Connect ID Token.

This token can be used when authenticating towards MongoDB Realm (via Realm.Credentials.google) as of Realm Web v1.1.0 which will be released shortly.

I hope that we’ll be able to make a detailed example app or guide available soon, outlining the steps required to get Google OAuth via OpenID Connect setup correctly.

Please let me know if I need to dive deeper into some part of my answer above
Happy coding!

kraenhansen · December 9, 2020, 5:41pm

FYI: Realm Web v1.1.0 with support for passing in the OpenID Connect id token was just released.

import { Credentials } from "realm-web";
const credentials = Credentials.google("google-id-token-goes-here");

Winston_Zhao · December 9, 2020, 6:41am

Awesome timing. Thanks!

system · December 14, 2020, 6:41am

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.