Overview
CloudBase provides cross-platform login authentication capabilities. You can use this to build a user system for your own applications, including but not limited to:
- Assign a globally unique identity identifier (uid) to the user.
- Store and manage user personal information;
- Associate multiple login methods;
- Manage user access to data and resources;
- Collection and analysis of user behavior.
Meanwhile, CloudBase login authentication serves as a crucial mechanism for protecting your service resources. CloudBase performs identity and permission verification on every client request to prevent malicious attackers from consuming or misappropriating your resources.
Login Authentication (v1) applies to @cloudbase/js-sdk@1.x. If you are using SDK version 2.x, please refer to Login Authentication (v2 beta).
Login Authentication Methods
CloudBase provides the following login authentication methods for different user scenarios:
| Login Type | Scenario |
|---|---|
| Anonymous Login | Users log in to CloudBase with a temporary anonymous identity without registration. |
| Email Login | Users log in with their own email+password. |
| WeChat Authorization Login | 1. WeChat Official Accounts Platform-authorized official account web pages; 2. WeChat Open Platform-authorized websites. |
| Custom Login | Developers can fully take over the login process, such as integrating with their own account systems or customizing login logic. |
| Username and Password Login | Users log in with their own username+password. |
| WeChat Mini Program Login | WeChat Mini Programs that have enabled CloudBase automatically complete login authentication during initialization without additional operations. |
| SMS Verification Code Login | Users log in with their own phone number+verification code. |
CloudBase Users
Each user who logs in to CloudBase has a corresponding CloudBase account. Through this account, users access and utilize CloudBase's data and resources.
UID
Each account has a globally unique UID, which is the account ID, serving as the user's unique identity identifier.
User Information
Each account can add and modify user information. Please refer to Manage Users.
Login Methods
In addition to the initial login method, each account can link other login methods. For details, refer to Account Linking.
Persistence of Login Status
You can specify how the login state persists. The default is local, and the available options include:
| Value | Description |
|---|---|
session | Retains the login state in SessionStorage, which will be cleared after the current page is closed. |
local | Retains the login state persistently in local storage. |
none | Retains the login state in memory, which will be cleared after page refresh or redirection. |
For example, for web applications, the best choice is local, which retains the user's session after the browser is closed. This way, users do not need to log in repeatedly every time they visit the page, avoiding inconvenience to them.
Anonymous login has its persistence type forcibly set to local, and any externally set value will be ignored.
Access Token and Refresh Token
After a user logs in to CloudBase, they will obtain an Access Token as the credential for accessing CloudBase services. This access token has a default validity period of two hours.
Upon login, the user will also obtain a Refresh Token, which has a default validity period of 30 days and is used to acquire a new access token when the existing one expires.
CloudBase client-side SDK automatically manages token refresh and validity, so developers do not need to pay special attention to this process.
The Refresh Token for Anonymous login is automatically renewed upon expiration to maintain a long-term anonymous login state.