How Custom Authentication Works in MongoDB Stitch
Following MongoDB Custom Authentication, it is given that any JWT Token with the minimal fields below works with MongoDB Stitch Authentication. Also, the token needs to be issued by an External Authentication System.
{
  "aud": "<stitch app id>",
  "sub": "<unique user id>",
  "exp": <NumericDate>
}
I've tested this and it works as well.
Enabled users with the Custom Authentication Provider.
It works in this way: it validates the unique value provided in sub ("sub": "<unique user id>") against the MongoDB Stitch user collection, and if the user is present then it returns the Object Id for that User.
Queries are,
MongoDB Stitch Custom Authentication involves an External Authentication System to issue the JWT; where will the user data actually be stored on user registration? - MongoDB Stitch App Collection or External Authentication API System?

Here is the response from MongoDB Support
Why is Stitch creating a new "User"
The "User" Stitch creates in this scenario is an internal user. This "user" also contains the user data and metadata provided from the JWT and is not stored alongside your other collections in the Atlas cluster your application is linked against. Note that this "user" is not accessible to MongoDB without using a trigger or other function to load it into the database.
Why isn't a login failure returned
A login failure is not being returned because the custom authentication provider is only checking the signed JWT from the external system against its own copy of the signing key. If the signatures match then the login is deemed successful.
It is the responsibility of the external authentication provider to fail the login; not Stitch.
Where will the user data actually be stored
The user data should be managed within your database. The most efficient way to integrate this with the Custom Authentication provider is to use an Authentication Trigger on Create and/or Login operation types. This would allow you to run a Stitch Function any time an authentication event is triggered.
There is an example of using authentication triggers on the MongoDB blog which may help explain the process further.
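
The division of responsibility described in the support reply, as an added example that is not part of the original post and is not Stitch's own code: an external authentication system that refuses to issue a JWT when the login fails, next to a verifier that only checks the signature and the aud/exp claims. HS256, the signing key, the user store and every function name are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Every value here is constructed for the example; HS256 is an assumption.
SIGNING_KEY = b"constructed-demo-signing-key-0001"  # same key configured in the provider
APP_ID = "<stitch app id>"  # placeholder, as on the page
SALT = b"constructed-salt"

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"user-123": _pw_hash("correct horse battery")}  # external system's user store

def sign_claims(claims):
    """Build an HS256 JWT; any holder of SIGNING_KEY can do this for any sub."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    mac = hmac.new(SIGNING_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(mac)}"

def issue_token(user_id, password, ttl=300):
    """External authentication system: the only place a login can fail."""
    supplied = _pw_hash(password)  # hash first so unknown users take the same time
    stored = USERS.get(user_id)
    if stored is None or not hmac.compare_digest(stored, supplied):
        return None  # no JWT is issued, so nothing reaches the provider
    return sign_claims({"aud": APP_ID, "sub": user_id, "exp": int(time.time()) + ttl})

def verify_token(token, now=None):
    """Signature and aud/exp check; returns sub on success, else None."""
    try:
        head, body, sig = token.split(".")
        mac = hmac.new(SIGNING_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(sig), mac):
            return None
        if json.loads(_unb64(head)).get("alg") != "HS256":
            return None
        claims = json.loads(_unb64(body))
        exp = claims.get("exp")
        now = int(time.time()) if now is None else now
        if claims.get("aud") != APP_ID or not isinstance(exp, (int, float)) or exp <= now:
            return None
        return claims.get("sub") or None
    except (ValueError, TypeError, AttributeError):
        return None
```

Verification only proves that the token was signed with the shared key, so a validly signed token for a `sub` the external system never registered is still accepted; the reject decision has to live in `issue_token`.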