Has anyone been able to log in to MongoDB Realm using a JWT token generated by Firebase? I believe I have everything set up correctly in RealmUI: enabled the Custom JWT Authentication, specified the algorithm (RS256), entered my public key. In my code I have Firebase generate the token which has the aud, sub, exp, and iat values set in the payload. I create the credentials and then try to log in:
let credentials = RLMAppCredentials.init(jwt: token)
self.realmApp!.login(withCredential: credentials, completion: { (syncUser, error) in
...
})
The login fails and the error I get back is
Error Domain=realm::app::ServiceError Code=2 "authentication via 'custom-token' is unsupported" UserInfo={NSLocalizedDescription=authentication via 'custom-token' is unsupported, realm::app::ServiceError=InvalidSession}
I have no idea why the server thinks it's a custom token.
I just tried my code again. I had the wrong Realm App Id being passed to jwt.sign. I fixed that but now I'm getting a different error when I call realmApp.login:
Error Domain=realm::app::ServiceError Code=47 "Invalid Key: Key must be PEM encoded PKCS1 or PKCS8 private key" UserInfo={NSLocalizedDescription=Invalid Key: Key must be PEM encoded PKCS1 or PKCS8 private key, realm::app::ServiceError=AuthError}
I had authentication working with the Realm Cloud Platform. I got it going a year ago using the detailed instructions that were on the old Realm website. It would be really helpful to have step-by-step instructions like that again for the MongoDB platform.
Hi! Did you get this resolved? I wrote the guide for the Realm Cloud Function and I am using Firebase with MongoDb Realm now.
In MongoDb Realm there is no need for the cloud function to authenticate. You can pass the firebase token from firebaseUser.getIdToken() and pass that directly into MongoDbRealm JWT authentication. All you need to do is to configure the JWT authentication to use https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com as JWK url and specify your firebase project name as audience, then you are done.
As a bonus, authentication will be faster since you skip the roundtrip to your cloud function.
I would check the content of the JWT token in https://jwt.io. Basically you need to make sure that it has an aud property with the realm app id, a sub property with the user's email, an exp with the expiration date of the token, and possibly some user_data metadata with at least an email or a name so that it can set the name in the User's table; finally, include an iat property with the time of creation.
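The claim check described above can also be run locally rather than by pasting a token into a website. This is an added example, not code from any poster or from MongoDB: the function names, the app id and the sample tokens are constructed for illustration, and it only decodes the token without verifying its signature.

```javascript
// Added example: offline inspection of the JWT fields discussed in this thread.
// It only decodes the token; it does NOT verify the RS256 signature.
function decodeSegment(segment) {
  // JWT segments are unpadded base64url; map them to the standard alphabet first.
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// expectedAud and nowSeconds are parameters of this sketch, not Realm settings.
function checkRealmJwt(token, expectedAud, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return ['token must have three dot-separated segments'];
  let header, payload;
  try {
    header = decodeSegment(parts[0]);
    payload = decodeSegment(parts[1]);
  } catch {
    return ['header or payload is not base64url-encoded JSON'];
  }
  if (!header || !payload || typeof header !== 'object' || typeof payload !== 'object') return ['header or payload is not a JSON object'];
  const problems = [];
  if (header.alg !== 'RS256') problems.push(`alg is ${header.alg}, expected RS256`);
  // RFC 7519 allows aud to be a single string or an array of strings.
  const audiences = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
  if (!audiences.includes(expectedAud)) problems.push(`aud does not contain ${expectedAud}`);
  if (typeof payload.sub !== 'string' || payload.sub === '') problems.push('sub is missing');
  if (!Number.isFinite(payload.exp)) problems.push('exp is missing or not numeric');
  else if (payload.exp <= nowSeconds) problems.push('token is expired');
  if (!Number.isFinite(payload.iat)) problems.push('iat is missing or not numeric');
  else if (payload.iat > nowSeconds + 60) problems.push('iat is in the future');
  return problems;
}

// Constructed sample tokens: placeholder signature, made-up app id and user.
function makeSampleToken(header, payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc(header)}.${enc(payload)}.c2lnbmF0dXJl`;
}

const NOW = 1700000000; // fixed clock so the sample results are reproducible
const goodToken = makeSampleToken({ alg: 'RS256', typ: 'JWT' },
  { aud: 'example-app-id', sub: 'user@example.com', iat: NOW - 10, exp: NOW + 3600 });
const badToken = makeSampleToken({ alg: 'HS256', typ: 'JWT' },
  { aud: 'other-app', sub: 'user@example.com', iat: NOW - 7200, exp: NOW - 3600 });

console.log(checkRealmJwt(goodToken, 'example-app-id', NOW)); // []
console.log(checkRealmJwt(badToken, 'example-app-id', NOW)); // alg, aud and expiry problems
```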
We investigated this issue and it turns out we are not processing the Firebase tokens with the correct crypto format - we are looking to fix that now. We should be able to check the type of the key after parsing the provided public key PEM and then choose the correct x509 parsing function.
In the meantime, I just tried this using an openssl-generated keypair and it works fine, so you may want to try that out.
# generate a public and private RSA key pair
openssl genrsa -out private.pem 4096
# export the RSA public key to PEM
openssl rsa -in private.pem -outform PEM -pubout -out public.pem
That is weird… I got the firebase auth working in my app using the mobile SDKs? Data was synced fine, but I was only using a public, read only Realm. But this isn't supposed to be working?
I have struggled with the exact same issue. Custom JWT Token authentication is not sufficiently described in the MongoDB documentation. At least, for the integration with Firebase, I have written a step-by-step guide which should be very easy to follow. You can find it on Medium here