I just wanted to pass on some info on how you can authenticate your Meteor users easily if your Meteor app needs to hit another service/server using the Meteor.loginToken in local storage.
The login token on the user’s document is not in the same format as the one that’s in local storage so you can’t query against it directly. At first this may seem difficult but once you peer into Meteor source, it’s not so bad.
TL;DR
hashed token == client login token -> SHA-256 -> Base64
Here’s an example in Elixir using Erlang’s crypto module, but any language’s library should have this available. This is used in a GraphQL implementation where the user is passed into each request (much like this.userId with Meteor methods).
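```elixir
def get_user_by_login_token(login_token) do
  # client login token -> SHA-256 -> Base64, the form stored on the user document
  hashed_token = :crypto.hash(:sha256, login_token) |> Base.encode64
  # Match the hash against the user's resume login tokens and return the first hit (or nil)
  MongoDB.find("users", %{"services.resume.loginTokens.hashedToken" => hashed_token})
  |> Enum.to_list
  |> List.first
end
```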
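The same lookup in Node.js, as an added example that is not code from the original post: it goes one step further by rejecting non-string input and tokens that are too old. The in-memory `USERS` array stands in for the Mongo query, and the `when` timestamp field and the 90-day lifetime are assumptions based on Meteor's default token storage.

```javascript
// Added example with constructed data; not taken from the original post.
const { createHash } = require("crypto");

// Assumption: 90 days mirrors Meteor's default login expiration; match your app's setting.
const TOKEN_LIFETIME_MS = 90 * 24 * 60 * 60 * 1000;

// client login token -> SHA-256 -> Base64, the transform from the post.
function hashLoginToken(loginToken) {
  return createHash("sha256").update(loginToken, "utf8").digest("base64");
}

// In-memory stand-in for the Mongo query on
// "services.resume.loginTokens.hashedToken", plus an age check on `when`.
function findUserByLoginToken(users, loginToken, now = new Date()) {
  // Only a non-empty string may reach the hash: a parsed JSON object must
  // never be forwarded into a database query as a token.
  if (typeof loginToken !== "string" || loginToken.length === 0) return null;
  const hashed = hashLoginToken(loginToken);
  for (const user of users) {
    const tokens = user?.services?.resume?.loginTokens ?? [];
    const match = tokens.find((t) => t.hashedToken === hashed);
    if (match) {
      // The other service should enforce expiry itself rather than trust
      // that stale tokens were already purged from the document.
      const age = now - new Date(match.when);
      return age >= 0 && age < TOKEN_LIFETIME_MS ? user : null;
    }
  }
  return null;
}

// Constructed sample data: one fresh token and one stale token.
const NOW = new Date("2024-06-01T00:00:00Z");
const FRESH_TOKEN = "constructed-fresh-token";
const STALE_TOKEN = "constructed-stale-token";
const USERS = [
  { _id: "u1", services: { resume: { loginTokens: [
    { when: new Date("2024-05-20T00:00:00Z"), hashedToken: hashLoginToken(FRESH_TOKEN) } ] } } },
  { _id: "u2", services: { resume: { loginTokens: [
    { when: new Date("2023-01-01T00:00:00Z"), hashedToken: hashLoginToken(STALE_TOKEN) } ] } } },
];
```

Because the service hashes whatever it receives, presenting a stored `hashedToken` value as the token does not match any user.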