Overview
CloudBase provides a cross-platform login authentication feature. You can build upon this to create a user system for your own applications, including but not limited to:
- Assigns a globally unique identity identifier uid to each user;
- Stores and manages users' personal information;
- Associates multiple login methods;
- Manages users' access permissions to data and resources;
- Collects and analyzes user behavior.
CloudBase login authentication also serves as a critical means to protect your service resources. For every request from the client, CloudBase verifies the identity and permissions to prevent your resources from being consumed or stolen by malicious attackers.
Login Authentication (v1) applies to the @cloudbase/js-sdk@1.x version. If your SDK version is 2.x, please refer to Login Authentication (v2 beta).
Login Authentication Methods
CloudBase provides the following login authentication methods for different user scenarios:
| Login Type | Scenario |
|---|---|
| Anonymous Login | Users log in to CloudBase with a temporary anonymous identity without registration. |
| Email Login | Users log in using their own email + password. |
| WeChat Authorization Login | 1. Official account web pages authorized by the WeChat Official Accounts Platform; 2. Websites authorized by the WeChat Open Platform. |
| Custom Login | Developers can fully take over the login process, such as integrating with their own account systems and customizing login logic, etc. |
| Username and Password Login | Users log in using their own username + password. |
| WeChat Mini Program Login | WeChat Mini Programs that have enabled CloudBase will automatically complete login authentication upon initialization without additional operations. |
| SMS Verification Code Login | Users log in using their own phone number + verification code. |
CloudBase Users
Each user who logs in to CloudBase has a corresponding CloudBase account, through which they access and invoke CloudBase's data and resources.
UID
Each account has a globally unique UID, i.e., the account ID, serving as the user's unique identity identifier.
User Information
Each account can add and modify user information. Please refer to Manage Users.
Login Methods
Each account can associate additional login methods besides the initial one. Please refer to Account Linking.
Persistence of Login State
You can specify how the login state persists. It defaults to local, and related options include:
| Value | Description |
|---|---|
session | The login state is retained in SessionStorage and will be cleared when the current page is closed. |
local | The login state is persisted in local storage long-term. |
none | The login state is retained in memory and will be cleared after the current page is refreshed or redirected. |
For example, for web applications, the best choice is local, which retains the user's session even after the user closes the browser. This prevents users from having to repeatedly log in every time they visit the web page, avoiding inconvenience.
Anonymous Login has its persistence type forcibly set to local, and any externally set value will be ignored.
Access Token and Refresh Token
After logging in to CloudBase, users obtain an Access Token as the credential to access CloudBase. The access token has a default validity period of two hours.
During login, a Refresh Token is also obtained, which has a default validity of 30 days and is used to obtain a new access token when the access token expires.
| session | The login state is retained in SessionStorage and will be cleared when the current page is closed. |
Anonymous Login Refresh tokens are automatically renewed upon expiration to maintain long-term anonymous login status.