How Custom Authentication Works in MongoDB Stitch

Following MongoDB Custom Authentication, it is given that any JWT token with the minimal fields below works with MongoDB Stitch Authentication. Also, the token needs to be issued by an External Authentication System.

{
  "aud": "<stitch app id>",
  "sub": "<unique user id>",
  "exp": <NumericDate>
}

I've tested this and it works as well.

  1. Created a Stitch App and enabled Users with the Custom Authentication Provider.
  2. Generated a sample token through Jwt.io with the inputs below. (Use the same algorithm and key as configured when enabling the Custom Authentication Provider. Here it is HS256 and the )

It works this way:

  • It is validating the users in the MongoDB Stitch Users Collection with the unique value provided in sub ("sub": "<unique user id>"), and if the user is present then it returns the Object Id for that user.
  • If the user is not present then it creates one against the input and returns the Object Id.

Queries are:

  1. Why is it creating a new user instead of returning a login failure, which in turn works like any user can log in with any credentials on demand?
  2. If MongoDB Stitch Custom Authentication involves an External Authentication System to issue the JWT, where will the user data actually be stored on user registration: the MongoDB Stitch App Collection or the External Authentication API System?

Here is the response from MongoDB Support:

Why is Stitch creating a new "User"

The "User" Stitch creates in this scenario is an internal user. This "user" also contains the user data and metadata provided from the JWT and is not stored alongside your other collections in the Atlas cluster your application is linked against. Note that this "user" is not accessible to MongoDB without using a trigger or other function to load it into the database.

Why isn't a login failure returned

A login failure is not being returned because the custom authentication provider is only checking the signed JWT from the external system against its own copy of the signing key. If the signatures match then the login is deemed successful.

It is the responsibility of the external authentication provider to fail the login; not Stitch.

Where will the user data actually be stored

The user data should be managed within your database. The most efficient way to integrate this with the Custom Authentication provider is to use an Authentication Trigger on Create and/or Login operation types. This would allow you to run a Stitch Function any time an authentication event is triggered.

There is an example of using authentication triggers on the MongoDB blog which may help explain the process further.
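
The division of responsibility described in the support response, as an added example that is not part of the original post and is not MongoDB's code: the external system refuses to sign a token for a failed login, while the verifying side can only check the HS256 signature and the `aud`, `sub` and `exp` fields listed in the question. The user store, key, app id and the function names `issueToken` and `verifyToken` are constructed assumptions.

```javascript
const crypto = require('node:crypto');

// Constructed values for this example (assumptions, not from the original post).
const SIGNING_KEY = crypto.randomBytes(32);  // shared HS256 key, same one configured in the provider
const APP_ID = 'example-stitch-app-id';      // placeholder for "<stitch app id>"
const SALT = crypto.randomBytes(16);
const hashPw = (pw) => crypto.scryptSync(pw, SALT, 32);
const USERS = new Map([['alice', { id: 'user-001', pwHash: hashPw('correct horse') }]]);

const b64url = (v) => Buffer.from(v).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SIGNING_KEY).update(data).digest();

// External authentication system: the only place a login can fail.
function issueToken(username, password, ttlSeconds = 300) {
  const user = USERS.get(username);
  if (!user || !crypto.timingSafeEqual(user.pwHash, hashPw(password))) return null;
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({
    aud: APP_ID, sub: user.id, exp: Math.floor(Date.now() / 1000) + ttlSeconds,
  }));
  return `${header}.${payload}.${b64url(sign(`${header}.${payload}`))}`;
}

// What a verifier can check from the token alone: algorithm, signature, aud, exp.
// It cannot tell whether "sub" belongs to a registered user.
function verifyToken(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  let head, claims;
  try {
    head = JSON.parse(Buffer.from(header, 'base64url'));
    claims = JSON.parse(Buffer.from(payload, 'base64url'));
  } catch { return null; }
  if (!head || !claims || head.alg !== 'HS256') return null;  // rejects "none" and other algorithms
  const given = Buffer.from(sig, 'base64url');
  const expected = sign(`${header}.${payload}`);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  if (claims.aud !== APP_ID || typeof claims.sub !== 'string') return null;
  if (typeof claims.exp !== 'number' || claims.exp <= now) return null;
  return claims;
}
```

Because any `sub` carried by a correctly signed token passes `verifyToken`, the signing key must be held only by the external authentication system and never shipped to clients.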
