The Anonymous authentication provider allows users to log in to your application without providing credentials. Anonymous user objects have a unique ID value but no other metadata fields or configuration options.
An Anonymous user object is not intended to persist data. Once a user logs out, either by explicit logout or because the refresh token expires, the user cannot retrieve any previous user data.
Potential use cases for anonymous authentication include:
- Authenticating the readers of a blog or news service.
- Allowing end users to try the features of an application before registering for an account.
- Simplifying the creation of users while developing and testing the client application.
When someone authenticates anonymously, the provider generates an anonymous user object. If the app does not explicitly log this anonymous user out, the same anonymous user is reused. The anonymous user persists until explicit logout, or until the refresh token expires, which is currently 60 days. When the refresh token expires, login fails.
To persist data associated with an Anonymous user, you can associate that existing Anonymous identity with a user account created by a different authentication provider.
Realm may delete an Anonymous user object that is 90 days old (or older). When an account is deleted, it is not recoverable and any associated user data is lost. Documents created or modified by the user remain unaffected.
The anonymous authentication provider does not have any provider-specific configuration options.
For code examples that demonstrate how to register and log in using anonymous authentication, see the documentation for the Realm SDKs:
- Anonymous authentication allows users to interact with your application creating an identity.
- To persist data from an anonymous session after a user creates an identity with a different authentication provider, you can link the two identities.