Check user provider type in authorization expression

Jean-Baptiste_Beau · 2021-03-24T14:07:29.427Z

In the authorization expression of some function, I’d like to check that the user provider type is not anonymous. In plain javascript, that would be:

context.user.identities[0].provider_type != "anon-user"

How can I achieve the same thing in authorization expression? I don’t know how to access the first element of the array. I tried "%%user.identities.first.providerType"and "%%user.identities[0].providerType" but none of these works.

Jean-Baptiste_Beau · 2021-04-08T20:24:01.703Z

MongoDB team, any idea? Is that possible or not?

Mansoor_Omar · 2021-04-19T22:59:08.457Z

Hi Jean-Baptiste,

Please try using %%user.identities[0].provider_type

You could also make the expression call a function and within the function use context.user.identities[0].provider_type to return the value.

Regards
Manny

David_Peck1 · 2022-03-18T13:30:47.558Z

I couldn’t get either of these suggestions to work. Both returned "rule not matched for function \"myFunction\"".

In the end I had to add a check in the function body, which is a shame because it results in a 200 response. Works though.

// Check that this is a logged in user (not anon)
function isLocalUser() {
  if (!context.user) return false

  const identities = context.user.identities || []

  const localUserIdentities = identities.filter(
    (i) => i["provider_type"] === "local-userpass"
  )

  const isLocalUser = localUserIdentities.length === 1
  return isLocalUser
}

function myFunction() {
  if (context.functions.execute("isLocalUser") !== true) {
    return { error: "Not authorized" }
  }
  
  return { "foo": "bar }
}

Dean_Tate · 2024-06-05T10:47:55.044Z

Little old, but I got this working. Couldn’t find it documented anywhere.

{
  "%%user.identities": {
    "$elemMatch": {
      "provider_type": "anon-user"
    }
  }
}