To access Atlas App Services and use Atlas Device Sync with the Realm Flutter SDK, you must first authenticate a user with an App Services authentication provider.
For more information on configuring App Services Authentication, refer to App Services Authentication in the Atlas App Services documentation.
For all authentication providers other than email/password authentication, App Services automatically registers a user the first time a user authenticates. When using the email/password authentication provider, you must manually register a user. If a user authenticates via more than one method, you can link these user identities to a single user object.
You can also delete users. Deleting a user removes metadata attached to the user from App Services, but does not delete user-entered data from the backend.
Apple Account Deletion Requirements
Apple requires that applications listed through its App Store must give any user who creates an account the option to delete the account. Whether you use an authentication method where you must manually register a user, such as email/password authentication, or one that that automatically creates a user, such as Sign-In with Apple, you must implement user account deletion by June 30, 2022.
Log users in with an existing social account, such as Apple, Facebook, or Google.
Create new user accounts with App Services email/password management, or your own custom function or custom JWT user management.
Enable anonymous users to let users access your App Services App without persisting user data.
When you have a logged-in user, you can:
Open a synced realm with the user's configuration object
Run a backend function as the logged-in user
Change the active user in a multi-user application
Remove a user from the device
On successful login, the Flutter SDK caches credentials on the device. You can bypass the login flow and access the cached user. Use this to open a realm or call an Atlas Function upon subsequent app opens.
App Services manages sessions with access tokens and refresh tokens. Client SDKs supply the logic to manage tokens and provide them with requests.
Realm uses refresh tokens to automatically update a user's access token when it expires. However, Realm does not automatically refresh the refresh token. When the refresh token expires, the SDK can no longer get an updated access token and the device cannot sync until the user logs in again.
For more information on managing user sessions and tokens, see User Sessions in the App Services documentation.
Some authentication providers enable developers to access user metadata, such as full name or email address. When you configure these metadata fields on the App Services application, you can read this metadata from your client app.
To learn more about the user object that App Services provides the Flutter SDK, refer to the following documentation:
You can associate custom data with a user, such as a preferred language or local timezone, and read it from your client application. For more information on working with custom user data, refer to Custom User Data.