1

I'm building a React app that allows users to login with Google and then connects to a webhook/3rd Party service in Realm. The service should only return data that the users own.

I've set up the OAuth 2 with Google and can get back access_token for a user and I then pass it in the header (I've also tried the URL params) to the webhook. But I get an error back saying:

400 "no authentication methods were specified" - "Invalid Parameter".

After much testing, I've identified that it must be a Realm issue - but I can't figure out what.

I've tried authenticating with Google in Postman and sending a request from there like this:

    GET <incoming_webhook URL>
    Request Headers
    Authorization: Bearer <access_token>
    User-Agent: PostmanRuntime/7.26.10
    Accept: */*
    Host: us-east-1.aws.webhooks.mongodb-realm.com
    Accept-Encoding: gzip, deflate, br
    Connection: keep-alive

But I get the same error.

In Realm I have "Google" enabled as an authentication providers (and the authentication works just not the authorization through the webhook).

Tom Thorley
  • 11
  • 2

1 Answers1

0

Per https://docs.mongodb.com/realm/services/configure/service-webhooks/#configure-user-authentication, you can choose email/password, an API key, or a custom JWT token. I don't know whether you can use google login directly to a webhook, but you're probably better off making a realm function instead.

Regarding the error no authentication methods were specified, you can specify the type of authentication method (using a custom JWT as an example) by either:

  • putting it in the header:

Header: jwtTokenString, Value: eyJhbGci.....

OR

  • by including it as part of the webhook body:
{
    "jwtTokenString":"eyJhbGci...",
    "mydata": "my data value"
}

If you try to use both methods, you get a multiple authentication methods used error. HTTP Bearer tokens in the header, etc, are useless here.

For an API Key, instead of jwtTokenString, use api-key; or email`password` for email\password authentication.

I found these methods of providing authenticating information really unintuitive and the documentation very unclear.

emragins
  • 4,607
  • 2
  • 33
  • 48