Getting Netlify Identity Secret Key

Hi, I am trying to authenticate connections to a MongoDB database using JWT tokens generated by Netlify Identity.

The MongoDB docs ask for the signing algorithm and secret key to verify JWT tokens passed in. How can I get this information for my Netlify Identity tokens?

Additional context in case it is needed:

  1. I found you can manually set the secret key under Authentication Controls by paying for the Business Plan, but I'd rather avoid paying $99/month just for this.
  2. The MongoDB database is being accessed through a Mongo Realm instance which generates a GraphQL API. That GraphQL API is accessed through Apollo, a React library. The whole flow works with authentication disabled, now it’s just a matter of securing it.
  3. I have not explored using Netlify Functions for this because I want to stick to the GraphQL API. If anyone knows a way to proxy GraphQL queries through a Netlify Function as a form of security I’m happy to hear of those options.

Hi @programmer

As a starting point, you might find the following thread of interest

If you have further questions, do not hesitate to reply here.


Hey, I’ve gone through this thread before. My big question is how to actually implement a proxy in Netlify Functions, if you have any JavaScript examples I would greatly appreciate it.

One big concern I have is a GraphQL query may take longer than 10 seconds to run, but I don’t want the whole request to fail because the Netlify Function timed out waiting for MongoDB.

hey programmer,

i don’t have a solution to the first half of your question, but, i can tell you that we have

a.) background functions

b.) we can extend the timeout for functions up to 26 seconds for pro and above customers.

What about a Signed Proxy Redirect (which doesn’t require the use of a function.)

The proxy didn’t work, but I found a solution I’ll share for anyone who stumbles on this.

Mongo Realm allows for authentication with a custom function. The solution is simply to write a Mongo Realm function that calls a Netlify Function endpoint that checks if the user is authentic, and sends back the user’s ID if they are.

Netlify Functions have user authentication built into them. All you need to do is call

const { user } = context.clientContext;

in the Netlify Function to get the user, and it would be null if they’re not logged in. This also allows you to check for Roles or other custom logic to decide if that particular user should in fact be allowed to access MongoDB.

The only tricky part is Netlify Functions may not have the user token if you are calling them from Mongo Realm, so you will need to pass the user’s token to Mongo Realm, then have it include it as an authorization header when it calls the Netlify Function.
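
The Netlify Function side of the flow described above, as an added example that is not part of the original post or Netlify's own code. It assumes Netlify fills `context.clientContext.user` with the verified Identity claims (`sub`, `app_metadata.roles`) when the request carries `Authorization: Bearer <token>`; the role name `db-user` and the response shape `{ id }` are hypothetical.

```javascript
// Added example: endpoint a Mongo Realm custom-auth function can call to
// confirm a Netlify Identity user and get back that user's ID.
// Assumption: context.clientContext.user holds the verified JWT claims
// when a valid bearer token was sent, and is absent otherwise.

const REQUIRED_ROLE = "db-user"; // hypothetical role gate; set to null to skip

// Pure decision function, kept separate from the handler so it can be tested.
function authorize(clientContext, requiredRole = REQUIRED_ROLE) {
  const user = clientContext && clientContext.user;

  // No user means no token, or a token Netlify did not accept.
  if (!user || typeof user.sub !== "string" || user.sub === "") {
    return { statusCode: 401, body: JSON.stringify({ error: "not authenticated" }) };
  }

  // Roles are read from app_metadata (assumed claim layout).
  const roles = (user.app_metadata && user.app_metadata.roles) || [];
  if (requiredRole && !(Array.isArray(roles) && roles.includes(requiredRole))) {
    return { statusCode: 403, body: JSON.stringify({ error: "role required" }) };
  }

  // Return only the stable user ID; email and metadata stay out of the response.
  return { statusCode: 200, body: JSON.stringify({ id: user.sub }) };
}

// Netlify Function entry point.
const handler = async (event, context) => {
  const result = authorize(context.clientContext);
  return {
    ...result,
    headers: { "Content-Type": "application/json", "Cache-Control": "no-store" },
  };
};

if (typeof module !== "undefined") module.exports = { handler, authorize };
```

The Realm function should treat any status other than 200 as a failed login and use only the returned `id` as the user identifier.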


Hey there, @programmer :wave:

Thanks so much for coming back and sharing your solution! Knowledge sharing is beneficial to future members who encounter something similar, so we definitely appreciate it.

Happy building :netliconfetti: