Docs Home → Atlas App Services
Authentication Providers
Users log in to your client application using authentication providers.
Apps provide several authentication provider options:
Anonymous Authentication allows users to view or edit data without creating an account.
The Email/Password and API Key providers let you register new user accounts and API keys that are unique to your App.
The OAuth providers for Facebook, Google, and Apple allow users to log in with their existing accounts using the OAuth 2.0 standard.
The Custom JWT and Custom Function providers allow you to integrate with any authentication system using standard JSON Web Tokens or custom code that you write.
Use a single provider when all users authenticate in the same way. For more flexibility, you can enable multiple providers. Link user accounts from one provider to another with client SDKs.
Example
A blog or news service app might use multiple authentication providers. A reader might authenticate anonymously with no need to register. Journalists would sign in through an account with authorization to publish content. In this example, an anonymous user might have read-only access. The journalist with an account would have write access.
Authentication Providers
Atlas App Services provides these authentication providers for user login:
Authentication Provider | Description |
|---|---|
anon-user | Authenticate without credentials. Allow users to create and interact
with data without creating an identity. This is great for a read-only
user, or one who does not need to persist important data. You can
later link the data from the Anonymous session with a permanent
identity. See the client SDK documentation for details. |
local-userpass | Authenticate with an email address and password. Client applications
must implement email confirmation and password reset functionality.
Realm SDKs provide methods to simplify or customize this
implementation. |
api-key | Log in with API keys generated in the App Services admin console
or by your end users. |
oauth2-apple | Use OAuth2 to log in with an Apple ID. |
oauth2-google | Use OAuth2 to log in with an
existing Google account. |
oauth2-facebook | Use OAuth2 to log in with an
existing Facebook account. |
custom-token | Log in with JWT-based credentials generated by a service external
to App Services. |
custom-function | Log in with arbitrary credentials according to custom authentication
logic that you define. |
User Metadata
Each authentication provider can associate metadata fields with an application user. Some providers, such as Email/Password, always add specific fields. Others allow you to configure the data to associate with each user.
To learn more, see Authentication Provider Metadata.
Authentication Provider | Details |
|---|---|
Anonymous users have no metadata. | |
Email/Password users always have an email field. This contains
the user's email address. | |
API Key users always have a name field. When you create an API
key, you give it a name. When users authenticate with API keys,
the name field contains the key name. | |
OAuth 2.0 authentication services can provide user metadata. Specify
the metadata you want to access in the provider's
Metadata Fields configuration. Each user must grant
your app permission to access the requested data. | |
Custom Function authentication users do not have metadata. | |
You can add metadata to JWT users. This metadata comes from data
in the JWT that the authentication system returns. Use the
Metadata Fields configuration to specify the expected
metadata. This configuration maps fields in the JWT to fields in
the user object. |
Summary
App Services's authentication providers allow users to log in to your app.
You can link a specific user across multiple providers.
Each authentication provider has metadata about a user's identity.