Docs Menu

Docs HomeAtlas App Services

Authentication Providers

Users log in to your client application using authentication providers. Apps provide several authentication provider options.

  • Anonymous Authentication allows users to view or edit data without creating an account.

  • Facebook and Google allow users to log in with existing credentials.

  • These authentication providers log users in with new credentials: - Email/Password auth - API Key auth - Custom JWT Auth - Custom Function Auth

Use a single provider when all users authenticate in the same way. For more flexibility, you can enable multiple providers. Link user accounts from one provider to another with client SDKs.


A blog or news service app might use multiple authentication providers. A reader might authenticate anonymously with no need to register. Journalists would sign in through an account with authorization to publish content. In this example, an anonymous user might have read-only access. The journalist with an account would have write access.

Atlas App Services provides these authentication providers for user login:

Authentication Provider
Authenticate without credentials. Allow users to create and interact with data without creating an identity. This is great for a read-only user, or one who does not need to persist important data. You can later link the data from the Anonymous session with a permanent identity. See the client SDK documentation for details.
Authenticate with an email address and password. Client applications must implement email confirmation and password reset functionality. Realm SDKs provide methods to simplify or customize this implementation.
Log in with API keys generated in the App Services admin console or by your end users.
Use OAuth2 to log in with an Apple ID.
Use OAuth2 to log in with an existing Google account.
Use OAuth2 to log in with an existing Facebook account.
Log in with JWT-based credentials generated by a service external to App Services.
Log in with arbitrary credentials according to custom authentication logic that you define.

Each authentication provider can associate metadata fields with an application user. Some providers, such as Email/Password, always add specific fields. Others allow you to configure the data to associate with each user. Authentication providers include these metadata fields in a user object:

Authentication Provider
Anonymous users have no metadata.
Email/Password users always have an email field. This contains the user's email address.
API Key users always have a name field. When you create an API key, you give it a name. When users authenticate with API keys, the name field contains the key name.
OAuth 2.0 (Facebook & Google)
OAuth 2.0 authentication services can provide user metadata. Specify the metadata you want to access in the provider's Metadata Fields configuration. Each user must grant your app permission to access the requested data.
Custom Function authentication users do not have metadata.
You can add metadata to JWT users. This metadata comes from data in the JWT that the authentication system returns. Use the Metadata Fields configuration to specify the expected metadata. This configuration maps fields in the JWT to fields in the user object.
  • App Services's authentication providers allow users to log in to your app.

  • You can link a specific user across multiple providers.

  • Each authentication provider has metadata about a user's identity.

←  Delete or Prevent Users From Accessing an AppAnonymous Authentication →
Share Feedback
© 2022 MongoDB, Inc.


  • Careers
  • Investor Relations
  • Legal Notices
  • Privacy Notices
  • Security Information
  • Trust Center
© 2022 MongoDB, Inc.