Tutorial: Guest login

Serverless AuthenticationSigning in and out Guest login

Guest login makes it possible to authenticate users without any explicit credentials. The authentication is based on a temporary session (associated with your Webcom application), which is created locally on the client device. Anyone invoking the guest login on this device will then be authenticated always the same way (i.e. with the same account identifier).

It can be useful to allow a guest user to modify the data s/he created while providing other users with read-only access to the same data. Think for example to a blog (with comments) service where users can edit their posts. Another example could be a guest user on a chat service: the user doesn't need to sign in, but the service is able to securely identify her/his messages.

On the back end side, a new temporary account identifier (uid) is generated when a user authenticates with guest login. It remains valid until her/his session ends (as configured in the "authentication" tab of the Webcom developer console) or s/he explicitly signs out.

If you wish to keep the uid of a guest user further, you have to associate it with another permanent identity (for example an email-based one) before it expires.

Guest login usage

To use guest login, it must first be enabled in the "authentication" tab of the Webcom developer console.

Then, simply use the following snippet (replace “<your-app>” with your actual application identifier):

// const app = Webcom.App("<your-app>"); // UNCOMMENT if you haven't yet an instance of your app!
// Get an instance of the authentication service
const auth = app.authentication;
// Sign in
auth.signInAsGuest()
    .then(authDetails => console.log("Anonymously logged in with the following identity:" , authDetails))
    .catch(error => console.log("Authentication error: ", error));

The authDetails parameter returned by the promise is a JSON object representing the signed in identity, which directly feeds the current authentication state. The provider property here equals "anonymous".

val myApp = WebcomApplication.default // the app defined by the 'webcom.properties' asset file
val authenticator = myApp.authenticationService

authService.getGuestMethod().authenticate { // it: WebcomResult<AuthenticationDetails>
    when (it) {
        is WebcomResult.Success -> print("logged in with the account: ${it.result.uid}")
        is WebcomResult.Failure -> print("error: ${it.error.errorCode}")
    }
}
let authenticationService = Webcom.defaultApplication.authenticationService
let guestMethod = AuthenticationMethodGuest()
authenticationService.authenticate(with: guestMethod) { result in
    switch result {
    case let .success(details):
        print("Logged in with the account:", details.uid)
    case let .failure(error):
        print("Error:", error)
    }
}

Security rules

In the case of guest login, the authentication state passed to security rules contains no more than the generic provider, providerUid and uid fields (see authentication model).

Here is a typical example of security rules designed for guest login:

{
  "rules": {
    "users": {
      "$userId":{
        // allow the user itself to edit its own profile
        ".write": "auth !== null && auth.uid === $userId",
        
        // allow only guest users to read
        ".read": "auth !== null && auth.provider === 'anonymous'"
      }
    }
  }
}