Navigation

Email/Password Authentication

MongoDB Stitch provides the option for your app users to authenticate with their email and password.

Enable and Configure Email/Password Authentication

To configure for email/password authentication,

  1. Click Authentication. The page displays the Authentication Providers.

  2. For Email/Password, click the Edit button.

  3. In the Edit Provider dialog,

    1. Switch the Email/Password to enabled.

    2. Enter values for the following fields as appropriate:

      Field Description
      Email Confirmation URL

      Required. The base URL for the confirmation URL sent to users to confirm their email address. The confirmation URL is sent to the user via email and includes the query parameters token and tokenId. For the base URL, you must include the URL scheme, such as http or https. For example, https://myapp.example.com/foo/confirm.aspx.

      The confirmation script must parse the token and tokenId and call the emailConfirm() function. See Incorporate into a Web Application below.

      Email Confirmation Subject

      Optional. The subject of the email sent to users to confirm their email address. Maximum length is 256 characters.

      For example, MyApp Email Address Confirmation

      If unspecified, MongoDB Stitch uses a default subject.

      Password Reset URL

      Required. The base URL for the password reset URL sent to users to reset their password. The reset URL is sent to the user via email and includes the query parameters token and tokenId. For the base URL, you must include the URL scheme, such as http or https. For example, https://myapp.example.com/reset-pwd-verify

      The password reset script must parse the token and tokenId and call the passwordReset() function. See Incorporate into a Web Application below.

      Reset Password Email Subject

      Optional. The subject of the email sent to users to reset their password. Maximum length is 256 characters.

      For example, MyApp Password Reset

      If unspecified, MongoDB Stitch uses a default subject.

    3. Click Save.

Incorporate into a Web Application

To incorporate into a web application:

Note

The following lists the code snippets to incorporate MongoDB service into a web application. The numbered list of items is not meant to be a comprehensive step-by-step procedure.

  1. In your HTML file, include the MongoDB Stitch library .

    <script defer type="text/javascript" src="https://s3.amazonaws.com/stitch-sdks/js/library/298a2b586d91d462099e5d9f66fba0a687837abe/stitch.min.js"></script>
    
  2. In your JavaScript file, include the code to instantiate a StitchClient:

    import { StitchClient } from 'stitch';
    
    const stitchClient = new StitchClient('<your-app-id>');
    

    Replace <your-app-id> with your MongoDB Stitch app ID. In the MongoDB Stitch console, you can find your App ID in the Clients view.

  3. To register a user’s email and password, the StitchClient provides the register() function .

    stitchClient.register('<user-email>', '<user-password>');
    

    The user will be sent a confirmation email with the confirmation link. The confirmation link includes token and tokenId query parameters.

  4. When the user clicks on the link, the confirmation script must parses the token and tokenId and pass to the emailConfirm() function.

    stitchClient.auth.provider('userpass').emailConfirm('<tokenid>', '<token>');
    

    Once the user email has been confirmed, the user can login with the registered email and password.

  5. To login with a user’s email and password, the StitchClient provides the login() function .

    stitchClient.login('<user-email>', '<user-password>');
    
  6. To send user an email to reset the password, use the sendPasswordReset() function.

    stitchClient.auth.provider('userpass').sendPasswordReset('<user-email>');
    

    The user will be sent an email with a password reset link. The reset link includes token and tokenId query parameters.

  7. To reset the password after the user clicks on the link, the reset password script must parse the token and tokenId and pass to the passwordReset() function along with the new password.

    stitchClient.auth.provider('userpass').passwordReset('<tokenid>', '<token>', '<newpassword>');