[Realm Auth] Validate if user is authenticated from server-side (PHP)

andrefelipe · December 23, 2020, 8:51am

How to validate if user is authenticated at the server side, like PHP?

From the front end we could send all data needed, like userId, authId, providerId/providerType, accessToken, refreshToken, but how to check on server side that the user is authenticated?

Tried to find an API here but no success Atlas App Services API

A real-world use case: I tried to use Realm Functions to upload large images (10Mb) but given its 30s input timeout Realm functions 30s input timeout I had to resort to a web server to handle the uploads, so now I better validate if the user is authenticated before proceeding with the upload and MongoDb update. Otherwise my API will just allow anyone with a leaked AuthId to upload anytime, anywhere.

Thanks!

Sumedha_Mehta1 · December 28, 2020, 8:28pm

Hey Andre - this thread will provide more context, but tldr - this feature has been prioritized for near-term work: Verify Access Token server side - #6 by Sumedha_Mehta1

andrefelipe · December 28, 2020, 8:38pm

Thanks. Will keep an eye into that.

system · January 2, 2021, 8:38pm

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.