Anonymous Login
All logic for CloudBase anonymous login can be actively executed by client-side code without requiring manual user intervention. While in an anonymous login state, users can normally access CloudBase resources. Developers can also enforce corresponding access restrictions for anonymous users in conjunction with security rules.
- Login Authentication (v2) applies to
@cloudbase/js-sdk@2.xversion - If you are using SDK version 1.x, please refer to Login Authentication (v1)
- v2 version currently does not support Official Account login. If you need to use this method, please use the v1 version
This document will introduce using the V2 version.
Preparatory Actions
Enable Anonymous Login
- Go to CloudBase/Authentication
- In the login methods list, select the Anonymous Login method and click Enable.
Login Flow
auth instance, please refer to SDK Initialization
Auth.signInAnonymously is used for anonymous login.
await auth.signInAnonymously();
const loginScope = await auth.loginScope();
// If it is an anonymous login, returns true.
console.log(loginScope === "anonymous");
Access Control
Anonymous users have an auth.loginType value of ANONYMOUS in security rules. By using security rules, developers can restrict anonymous users' access permissions to Cloud Database and Cloud Storage. For example, the security rules shown in the following code are:
- Anonymous users cannot read or write to Cloud Database;
- Cloud Storage is readable by all users, but not writable by anonymous users.
- Cloud Database
- Cloud Storage
{
"read": "auth.loginType != 'ANONYMOUS'",
"write": "auth.loginType != 'ANONYMOUS'"
}
{
"read": "auth != null",
"write": "auth.loginType != 'ANONYMOUS'"
}
For details, see Security Rules - User Authentication.
Convert to Formal User
If users generate some private data in an anonymous state (such as personal achievements and equipment obtained in games), and want to convert this anonymous account into a formal account for long-term retention.
To address this requirement, you can perform Anonymous User Conversion Registration to transfer the private data from this anonymous account to a formal account.
Example of converting to a formal user:
- Anonymous Login
const auth = app.auth();
await auth.signInAnonymously();
Sign in via a specific method
Obtain the access_token and perform conversion registration.
const {
accessToken
} = await auth.getAccessToken();
await auth.signUp({
// For other parameters, see auth.signUp.
anonymous_token: access_token,
});
Additionally, refer to: Account Linking.
Frequently Asked Questions
What is the difference between anonymous login and not being logged in?
From the perspective of end users:
- Anonymous login and not being logged in have no difference in initial usage experience; neither requires registration.
- Anonymous login users have independent user identifiers. Within the validity period on the same device, they can generate independent private data.
- Compared with not being logged in, anonymous login can be converted to a formal account, and private data generated during anonymous login will be automatically inherited by the formal account.
From the perspective of application developers:
- The anonymous user generated by CloudBase anonymous login is essentially a valid user with a unique user ID, enabling the creation of private Cloud Database and Cloud Storage data, as well as the formulation of personalized access policies in conjunction with Security Rules.
- Unauthenticated mode is purely for access without a login state; accesses under this mode will not be included in user tracking statistics.
- Unauthenticated users cannot access any CloudBase services or resources under default permissions, while anonymous login allows corresponding read/write operations on resources even under basic permissions, and can achieve more granular control when combined with security rules.
Do anonymous users expire?
CloudBase's validity policy for anonymous users is: only one anonymous user exists per device at the same time, and this user never expires. However, if a user manually clears the device or browser's local data, the anonymous user's data will be synchronously cleared. Calling CloudBase's anonymous login API again will generate a new anonymous user.