search

realm / realm-js

Realm is a mobile database: an alternative to SQLite & key-value stores
https://realm.io
Apache License 2.0
5.76k stars 572 forks source link

Disable signup, allow login #6341

Open step135 opened 9 months ago

step135 commented 9 months ago

Problem

I don't see in documentation how to disable creating accounts in MongoDB Atlas through Realm and using it only for login to existing accounts.

It is important for security reasons that developers can restrict creation of accounts only to server side, not enable it in Realm JavaScript.

Solution

Developer should have enabled this setting in MongoDB Atlas and if enabled the Realm should not allow to create any account.

Alternatives

No response

How important is this improvement for you?

Would be a major improvement

Feature would mainly be used with

Atlas App Services: Auth or Functions etc

kneth commented 9 months ago

@step135

You are correct, the Admin API doesn't have such functionality.

Which auth provider do you use? With custom function or JWT you might prevent the creation of new users.

kneth commented 9 months ago

@step135 In the UI, you can add a "User Creation Function" (under "App Users" / "User Settings"). Once you wish to disable user creation, you can store the information is a collection, and let the function fail if set in the collection.

step135 commented 9 months ago

@kneth Why so complicated solution? It should be possible to control it directly in the UI.