You cannot do this on the server side without setting cookies on the client side when you log in.
Meteor saves the user authentication token in localStorage , which is not available at the stage of the HTTP header, only later after loading the page on the client side javascript.
If you want to access the value in the headers in the way that you do, you will have to set a cookie when the user logs in with the user's token.
The user token is located in localstorage / Meteor.loginToken and the user ID in Meteor.userId() .
Then check this value with the request header and find the token among the user's stored tokens in the users collection in mongodb in services.resume.loginToken .
There is a significant security warning because your loginToken is more open and can be used to access your account.
How Meteor works with inputs
Meteor establishes a DDP connection through websockets. When the web page loaded with the previous "saved" login state, these loginTokens are read using javascript with the localstorage api. DDP is the level of communication over websites or sockjs. Using Meteor to communicate with the server.
Login occurs through the DDP protocol after loading javascript. This is the main reason you cannot do this directly using the server-side route, because you would not have access to the DDP in this way, since the Meteor libraries are not available, and the DDP connection is not established at this point when sending the http request.
Meteor calling and subscribing methods use this login for authentication to publish methods on the server that all occur on the DDP Explorer.
This answer should take into account the specifics of the login: Authentication with Meteor via DDP (and SRP?)
Akshat
source share