Anonymous Login
CloudBase Anonymous Login allows all logic to be actively executed by client-side code without requiring manual user operations. While in an anonymous login state, users can normally access CloudBase resources. Developers may also configure corresponding access restrictions for anonymous users in conjunction with security rules.
Activation Process
Enable anonymous login
Log in to the Tencent Cloud CloudBase Console, and on the Login Authorization page, enable or disable the Anonymous Login option.
Add Secure Domains (Optional)
Web applications need to add their domain names to the Web Security Domains list in the CloudBase console; otherwise, they will be identified as an illegal source.
Login Process
import cloudbase from '@cloudbase/js-sdk';
const app = cloudbase.init({
env: 'xxxx-yyy';
});
const auth = app.auth();
async function login(){
await auth.anonymousAuthProvider().signIn();
// When anonymous login succeeds, detects the login status and returns true for the isAnonymous field.
const loginState = await auth.getLoginState();
console.log(loginState.isAnonymousAuth); // true
}
login();
Security Rules
The auth.loginType value for anonymous users in security rules is ANONYMOUS. By configuring security rules, you can restrict anonymous users' access permissions to the Database and Cloud Storage. For example, the security rules shown in the following code demonstrate:
- Anonymous users are not allowed to read from or write to the database;
- Cloud Storage is readable by all users, but not writable by anonymous users.
- Database
- Cloud Storage
{
"read": "auth.loginType != 'ANONYMOUS'",
"write": "auth.loginType != 'ANONYMOUS'"
}
{
"read": "auth != null",
"write": "auth.loginType != 'ANONYMOUS'"
}
For details, see Security Rules - User Authentication.
Convert to Formal User
If users generate private data in an anonymous state (e.g., obtain personal achievements and equipment in games) and wish to convert this anonymous account into a formal account for long-term retention.
To address this requirement, you can link the anonymous account with any login method. After linking, you can permanently use that login method to access CloudBase, achieving the effect of "converting an anonymous account to a formal one".
For details, please refer to: Account Linking.
Frequently Asked Questions
What is the difference between Anonymous Login and not being logged in?
From the end user's perspective:
- There is no difference in the initial usage between Anonymous Login and not being logged in, as neither requires registration;
- Anonymous Login users have a distinct user identifier, and during the validity period on the same device, they can generate separate private data;
- Compared to not being logged in, Anonymous Login can be upgraded to a full account, and private data generated during the anonymous login period will be automatically inherited under the full account.
From the application developer's perspective:
- The anonymous user generated by CloudBase Anonymous Login is essentially a valid user with a unique user ID, enabling the creation of private Database and Cloud Storage data for them, along with personalized access policies configured through Security Rules;
- Unauthenticated mode is purely stateless access; operations performed in this mode will not enter user tracking statistics;
- Under default permissions, users who are not logged in cannot access any CloudBase services or resources. In contrast, Anonymous Login allows corresponding resource read/write operations with basic permissions and can also implement more granular control when combined with security rules.
Do anonymous users expire?
CloudBase's policy for anonymous users is: only one anonymous user exists per device at a time, and this user never expires. However, if a user manually clears local data on the device or browser, the anonymous user data will be cleared immediately. Calling the CloudBase anonymous login API again will generate a new anonymous user.