Anonymous login
All logic for CloudBase anonymous login can be actively executed by client-side code without requiring manual user intervention. While in an anonymous login state, users can normally access CloudBase resources. Developers can also enforce corresponding access restrictions for anonymous users in conjunction with security rules.
Activation Process
Enabling Anonymous Login
Log in to the Tencent Cloud CloudBase console. On the Login Authorization page, turn the Anonymous login option on or off.
Adding Security Domains (Optional)
Web applications must add their domain names to the Web Security Domains list in the CloudBase console; otherwise, they will be identified as unauthorized sources:
Login Process
import cloudbase from '@cloudbase/js-sdk';
const app = cloudbase.init({
env: 'xxxx-yyy';
});
const auth = app.auth();
async function login(){
await auth.anonymousAuthProvider().signIn();
// When anonymous login is successful, the isAnonymous field in the login status is detected as true
const loginState = await auth.getLoginState();
console.log(loginState.isAnonymousAuth); // true
}
login();
Security Rules
Anonymous users have an auth.loginType value of ANONYMOUS in security rules. By using security rules, developers can restrict anonymous users' access permissions to Cloud Database and Cloud Storage. For example, the security rules shown in the following code are:
- Anonymous users cannot read or write to Cloud Database;
- Cloud Storage is readable by all users, but not writable by anonymous users.
- Cloud Database
- Cloud Storage
{
"read": "auth.loginType != 'ANONYMOUS'",
"write": "auth.loginType != 'ANONYMOUS'"
}
{
"read": "auth != null",
"write": "auth.loginType != 'ANONYMOUS'"
}
For details, see Security Rules - User Authentication.
Transition to Authenticated User
If a user has generated some private data (such as personal achievements and equipment obtained in a game) while in an anonymous state and wishes to convert this anonymous account into a formal account to retain it permanently.
To address this need, you can associate the anonymous account with any login method. After association, you can permanently use that login method to access CloudBase, achieving the effect of "converting an anonymous account to a permanent one".
For details, refer to: Account Linking.
Frequently Asked Questions
What is the difference between anonymous login and not being logged in?
From the perspective of end users:
- Anonymous login and not being logged in have no difference in initial usage experience; neither requires registration.
- Anonymous login users have independent user identifiers. Within the validity period on the same device, they can generate independent private data.
- Compared with not being logged in, anonymous login can be converted to a formal account, and private data generated during anonymous login will be automatically inherited by the formal account.
From the perspective of application developers:
- The anonymous user generated by CloudBase anonymous login is essentially a valid user with a unique user ID, enabling the creation of private Cloud Database and Cloud Storage data, as well as the formulation of personalized access policies in conjunction with Security Rules.
- Unauthenticated mode is purely for access without a login state; accesses under this mode will not be included in user tracking statistics.
- Unauthenticated users cannot access any CloudBase services or resources under default permissions, while anonymous login allows corresponding read/write operations on resources even under basic permissions, and can achieve more granular control when combined with security rules.
Do anonymous users expire?
CloudBase's validity policy for anonymous users is: only one anonymous user exists per device at the same time, and this user never expires. However, if a user manually clears the device or browser's local data, the anonymous user's data will be synchronously cleared. Calling CloudBase's anonymous login API again will generate a new anonymous user.