
Authentication Providers

Users log in to your client application using authentication providers. Realm apps provide several authentication provider options.

Use a single provider when all users authenticate in the same way. For more flexibility, you can enable multiple providers. Link user accounts from one provider to another with client SDKs.

Example

A blog or news service app might use multiple authentication providers. A reader might authenticate anonymously with no need to register. Journalists would sign in through an account with authorization to publish content. In this example, an anonymous user might have read-only access. The journalist with an account would have write access.

Realm provides these authentication providers for user login:

| Authentication Provider | Description |
|---|---|
| anon-user | Authenticate without credentials. Allow users to create and interact with data without creating an identity. This is great for a read-only user, or one who does not need to persist important data. You can later link the data from the Anonymous session with a permanent identity. See the client SDK documentation for details. |
| local-userpass | Authenticate with an email address and password. Client applications must implement email confirmation and password reset functionality. Realm SDKs provide methods to simplify or customize this implementation. |
| api-key | Log in with API keys generated in the Realm admin console or by your end users. |
| oauth2-apple | Use OAuth2 to log in with an Apple ID. |
| oauth2-google | Use OAuth2 to log in with an existing Google account. |
| oauth2-facebook | Use OAuth2 to log in with an existing Facebook account. |
| custom-token | Log in with JWT-based credentials generated by a service external to Realm. |
| custom-function | Log in with arbitrary credentials according to custom authentication logic that you define. |

Each authentication provider can associate metadata fields with an application user. Some providers, such as Email/Password, always add specific fields. Others allow you to configure the data to associate with each user. Authentication providers include these metadata fields in a user object:

| Authentication Provider | Details |
|---|---|
| Anonymous | Anonymous users have no metadata. |
| Email/Password | Email/Password users always have an email field. This contains the user's email address. |
| API Key | API Key users always have a name field. When you create an API key, you give it a name. When users authenticate with API keys, the name field contains the key name. |
| OAuth 2.0 (Facebook & Google) | OAuth 2.0 authentication services can provide user metadata. Specify the metadata you want to access in the provider's Metadata Fields configuration. Each user must grant your app permission to access the requested data. |
| Custom Function | Custom Function authentication users do not have metadata. |
| Custom JWT | You can add metadata to JWT users. This metadata comes from data in the JWT that the authentication system returns. Use the Metadata Fields configuration to specify the expected metadata. This configuration maps fields in the JWT to fields in the user object. |

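
The JWT entry above says the Metadata Fields configuration maps fields in the JWT to fields in the user object. The following Python is an added example, not MongoDB's code or Realm's implementation: it verifies an HS256 token (pinned algorithm, signature, audience, expiry) and then copies only the configured claims into the user data. The secret, the claim names, the `required`/`name`/`field_name` entry shape and the dotted-path lookup are assumptions made for this example.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # constructed sample key
FIELDS = [  # constructed mapping; the entry shape is an assumption for this example
    {"required": True, "name": "email", "field_name": "email"},
    {"required": False, "name": "profile.role", "field_name": "role"},
]

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def hs256(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def issue(claims: dict, secret: bytes) -> str:
    """Stand-in for the external service that issues the JWT."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(hs256(head + '.' + body, secret))}"

def verify(token: str, secret: bytes, audience: str, now: float) -> dict:
    """Return the claims only if algorithm, signature, audience and expiry pass."""
    try:
        head, body, sig = token.split(".")
        header, claims, mac = json.loads(b64d(head)), json.loads(b64d(body)), b64d(sig)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")  # pinned; the header does not choose
    if not hmac.compare_digest(mac, hs256(head + "." + body, secret)):
        raise ValueError("bad signature")
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= now or claims.get("aud") != audience:
        raise ValueError("expired or wrong audience")
    return claims

def map_metadata(claims: dict, fields: list) -> dict:
    """Copy only the configured claims into the user object's metadata."""
    user_data = {}
    for f in fields:
        value = claims
        for key in f["name"].split("."):  # dotted path into nested claims
            value = value.get(key) if isinstance(value, dict) else None
        if value is None and f["required"]:
            raise ValueError(f"missing required claim {f['name']}")
        if value is not None:
            user_data[f["field_name"]] = value
    return user_data
```

Claims that are not listed in the mapping never reach the user data, and a token whose header names any algorithm other than the pinned one is rejected before its signature is examined.
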
  • Realm's authentication providers allow users to log in to your app.
  • You can link a specific user across multiple providers.
  • Each authentication provider has metadata about a user's identity.
© 2022 MongoDB, Inc.
