Navigation

Anonymous Authentication

Anonymous authentication allows users to sign in without providing any credentials. To get started with anonymous authentication for your app:

  1. Click Authentication in the left navigation pane.

  2. Click the Edit button in the Allow users to log in anonymously row.

  3. Toggle the switch to enable anonymous authentication.

  4. In your client application, use the following SDK code to authenticate the Stitch client as an anonymous user:

    let stitchClient = new StitchClient("your-app-id");
    
    stitchClient
        .authenticate("anonymous")
        .then( authedUserId => {
            console.log("logged in anonymously as user", authedUserId);
        })
        .catch( err => {
            console.error("failed to log in anonymously:", err);
        });
    
    final StitchClient _client = new StitchClient(this, "your-app-id");
    
    _client.getAuthProviders().addOnSuccessListener(new OnSuccessListener<AvailableAuthProviders>() {
        @Override
        public void onSuccess(final AvailableAuthProviders auth) {
            if (auth.hasAnonymous()) {
                Log.d("stitch", "logging in anonymously");
                _client.logInWithProvider(new AnonymousAuthProvider()).addOnCompleteListener(new OnCompleteListener<String>() {
                    @Override
                    public void onComplete(@NonNull final Task<String> task) {
                        if (task.isSuccessful()) {
                            Log.d("stitch", "logged in anonymously as user " + task.getResult());
                        } else {
                            Log.e("stitch", "failed to log in anonymously", task.getException());
                        }
                    }
                });
            } else {
                Log.e("stitch", "no anonymous provider");
            }
        }
    });
    
    let client = StitchClient(appId: "your-app-id")
    
    client.fetchAuthProviders().then { (authProviderInfo: AuthProviderInfo) in
        if (authProviderInfo.anonymousAuthProviderInfo != nil) {
            return client.anonymousAuth()
        } else {
            print("no anonymous provider")
        }
    }.then { (userId: String) in
        print("logged in anonymously as user \(userId)")
    }.catch { error in
        print("failed to log in anonymously: \(error)")
    }
    

Anoymous authentication is the most basic authentication provider available in MongoDB Stitch. Anonymous authentication allows users to sign into a Stitch client application as a temporary anonymous user without providing any credentials. The users are given an id like any other user, and they can view and manipulate data according to service rules just like any other user.

Potential use cases for anonymous authentication include:

  • Authenticating readers of a blog or news service.
  • Allowing end users to try the features of an application as an anonymous user before registering for an account.
  • Simplifying the creation of users while developing and testing the client application.

Limitations

The primary limitation of anonymous authentication is that once a user’s refresh token expires (after sixty days), or the refresh token is lost (due to the user clearing their browser data or deleting the client application from their phone), the user will no longer be able to reauthenticate as that Stitch user.

The implications of this depend on how your service rules are configured, but it could mean that the user loses access to their data. For this reason, anonymous authentication should be the primary authentication provider is users must be able to persist data across sessions and devices.

Upcoming

In a future MongoDB Stitch release, you can convert an anonymous user to a permanent user by linking the anonymous user to a new identity that uses a different authentication provider.