MongoDB Realm provides several authentication providers that you can integrate into a client application to allow users to log in to your Realm app.
- For applications where you want users to be able to view or manipulate data without registering or creating an account, you can use Anonymous Authentication.
- For applications where end users create an account or log in with existing credentials, you can use providers that integrate with existing login services (Facebook and Google), or use providers that allow you or your end users to create new credentials (Email/Password, API Keys, Custom JWT Auth and Custom Function Auth).
You can use a single provider if you want all users to authenticate in the same way, or you can enable multiple providers for more flexibility. You can also link a user account from one provider to a user account from another provider by using the client SDKs.
An example of an app that would benefit from multiple authentication providers is a blog or news service. The typical user of such an app would authenticate anonymously so that they don't need to register. However, the blog authors or journalists would need to sign in with some other provider to be authorized to publish new content.
The following is a list of the authentication providers available in Realm:
| Provider | Description |
|---|---|
| Anonymous | Mechanism for authenticating without credentials. This allows users to create and interact with data without creating an identity. You can later link the data from the Anonymous session with a new identity; see your client SDK documentation for details. |
| Email/Password | Mechanism for authenticating with an email address and password. Requires implementing scripts with the SDKs for confirming an email and resetting a password. |
| API Key | Mechanism for logging in with API keys generated in the Realm admin console or by your end users. |
| Apple ID | OAuth2-based mechanism for logging in with an Apple ID. |
| Google | OAuth2-based mechanism for logging in with an existing Google account. |
| Facebook | OAuth2-based mechanism for logging in with an existing Facebook account. |
| Custom JWT | Allow users to log in with JWT-based credentials generated by a service external to Realm. |
| Custom Function | Allow users to log in with arbitrary credentials according to custom authentication logic that you define. |
Each authentication provider can associate a distinct set of metadata fields with an application user. Some providers (such as Email/Password) always add specific fields, whereas others allow you to configure the data to associate with each user. The following table describes the metadata fields that each authentication provider includes in a user object:
| Authentication Provider | Metadata Fields |
|---|---|
| Anonymous | Anonymous users are not associated with any metadata. |
| Email/Password | Email/Password users are always associated with the following metadata fields: |
| API Key (Server & User) | API Key users are always associated with the following metadata fields: |
| OAuth 2.0 (Facebook & Google) | OAuth 2.0 users can be associated with data provided by the external authentication service according to the provider's Metadata Fields configuration. Users must explicitly grant your application permission to access the data. |
| Custom Function | Custom Function authentication users are not automatically associated with any data. |
| Custom JWT | Custom JWT authentication users can be associated with any data included in the JWT returned from the external authentication system. The provider's Metadata Fields configuration maps fields in the JWT to fields that appear in the user object's |
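
The Custom JWT mapping described in the table above, sketched as an added example (not MongoDB's code or Realm's actual configuration format): a token is verified, then only the claims named in a mapping are copied into the user's metadata. The `METADATA_FIELDS` shape, the function names, the key and the token are all assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json

# Hypothetical mapping: JWT claim path -> user-object field name, plus a required flag.
METADATA_FIELDS = [
    {"path": "email", "field_name": "email", "required": True},
    {"path": "profile.display_name", "field_name": "name", "required": False},
]

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a constructed HS256 token, standing in for the external auth service."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def verify_hs256(token: str, key: bytes) -> dict:
    """Return the claims only if the header pins HS256 and the signature matches."""
    header_b64, body_b64, sig_b64 = token.split(".")
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body_b64))

def map_metadata(claims: dict, fields=METADATA_FIELDS) -> dict:
    """Copy only the configured claims into user metadata; unmapped claims are dropped."""
    user_data = {}
    for f in fields:
        value = claims
        for key in f["path"].split("."):
            value = value.get(key) if isinstance(value, dict) else None
        if value is None:
            if f["required"]:
                raise ValueError(f"missing required claim: {f['path']}")
            continue
        user_data[f["field_name"]] = value
    return user_data

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret
TOKEN = sign_hs256({"sub": "u1", "email": "a@example.com", "role": "admin",
                    "profile": {"display_name": "Ada"}}, KEY)
```

Because the mapping is an allowlist, a claim such as `role` that the external service happens to include never reaches the user object unless it is explicitly mapped.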
- MongoDB Realm supports various authentication providers to allow users to log in to your app.
- You can link a specific user across multiple providers.
- Each authentication provider has different metadata about a user's identity.