How to: Authenticate your Meteor users in other languages/platforms

I just wanted to pass on some info on how you can authenticate your Meteor users easily if your Meteor app needs to hit another service/server using the Meteor.loginToken in local storage.

The login token on the user’s document is not in the same format as the one that’s in local storage so you can’t query against it directly. At first this may seem difficult but once you peer into Meteor source, it’s not so bad.

TL;DR
hashed token == client login token -> SHA-256 -> Base64

Here’s an example using Elixir using Erlang’s crypto but any language’s library should have this available. This is used in a GraphQL implementation where the user is passed into each request (much like this.userId with Meteor methods).

  def get_user_by_login_token(login_token) do
    hashed_token = :crypto.hash(:sha256, login_token) |> Base.encode64

    MongoDB.find("users", %{"services.resume.loginTokens.hashedToken" => hashed_token})
      |> Enum.to_list
      |> List.first
  end
1 Like