Navigation

Authentication Triggers

On this page

  • Overview
  • Example
  • Configuration
  • Authentication Events

Authentication triggers allow you to execute server-side logic whenever a user interacts with an authentication provider. You can use authentication triggers to implement advanced user management, including storing new user data in your linked cluster, maintaining data integrity upon user deletion, or calling a service with a user’s information when they log in.

An online store wants to store custom metadata for each of its customers in MongoDB Atlas. Each customer should have a document in the store.customers collection where metadata about them can be recorded and queried.

To guarantee that the collection represents each customer, the store creates an authentication Trigger that listens for newly created users in the email/password authentication provider. When the trigger observes a CREATE event, it passes the authentication event object to its linked function, createNewUserDocument. The Realm Function creates a new document describing the user and their activity and inserts it into the store.customers collection.

createNewUserDocument
exports = async function(authEvent) {
const mongodb = context.services.get("mongodb-atlas");
const customers = mongodb.db("store").collection("customers");
const { user, time } = authEvent;
const newUser = { ...user, eventLog: [ { "created": time } ] };
await customers.insertOne(newUser);
}

Authentication Triggers have the following configuration options:

Field
Description
Trigger Type
The type of the trigger. For authentication triggers, this value should be set to AUTHENTICATION.
Trigger Name
The name of the trigger.
Linked Function
The name of the Realm Function that the trigger executes whenever it fires. The trigger passes the authentication event object that caused it to fire as the only argument to this function.
Operation Type
The authentication operation type that causes the trigger to fire.
Providers
A list of one or more authentication provider types. The trigger will only listen for authentication events produced by these providers.

Authentication events represent user interactions with an authentication provider. Each event corresponds to a single user action with one of the following operation types:

Operation Type
Description
LOGIN
Represents a single instance of a user logging in.
CREATE
Represents the creation of a new user.
DELETE
Represents the deletion of a user.

Authentication event objects have the following form:

{
"operationType": <string>,
"providers": <array of strings>,
"user": <user object>,
"time": <ISODate>
}
Field
Description
operationType
The operation type of the authentication event.
providers

The authentication providers that emitted the event.

One of the following names represents each authentication provider:

  • "anon-user"
  • "local-userpass"
  • "api-key"
  • "custom-token"
  • "custom-function"
  • "oauth2-facebook"
  • "oauth2-google"
  • "oauth2-apple"
Note

Generally, only one authentication provider emits each event. When a you delete a user linked to multiple providers, the DELETE event for that user includes all linked providers.

user
The user object of the user that interacted with the authentication provider.
time
The time at which the event occurred.
Give Feedback

On this page

  • Overview
  • Example
  • Configuration
  • Authentication Events