Create an App User

Overview

Atlas App Services provides various authentication providers to log users into your app. For most providers, App Services automatically creates a user account the first time a user authenticates through the provider. The only exception is email/password user authentication, which requires registering and confirming a user before the user can authenticate.

Identity

When you first log in with an authentication provider, App Services creates a user object that contains a unique identity ID and provider-specific metadata about the user.

Create an Email/Password User

When you use email/password user authentication, you must first register a user, which creates the user object. You can register users in your client application using your preferred SDK or you can manually create email/password users.

After registering the user, you must confirm the user before they can authenticate.

Confirm a User

You must confirm the email address of new Email/Password users before they are permitted to log into App Services. The exact method of confirmation depends upon your provider configuration, but typically involves a handshake process between the user and your application. You can read more about Email/Password user confirmation at Email/Password Confirmation.

Sometimes, users are unable to complete the confirmation process. For example:

• An overzealous spam filter might block App Services email confirmation emails.

• A proxy or web blocker could prevent a user from activating the confirmUser client SDK function via the client application.

• An implementation error could cause the client application's user confirmation page to fail for specific use cases.

To help you work around cases like this, you can confirm users manually using the App Services UI or the Admin API:

Re-run the User Confirmation Workflow

A few circumstances can lead to incomplete Email/Password user confirmation workflows:

• An email is caught by a spam filter, not delivered due to a bug, or accidentally deleted by a prospective App Services user.

• A custom confirmation function is unable to communicate with an unconfirmed user due to a bug or oversight.

• An unconfirmed user forgot to visit their confirmation link within 30 minutes of receiving their login tokens, and the tokens expired.

Users caught in this situation appear stuck in an unconfirmed state. Since an existing account has their email registered to it, users cannot create a new account with the same email address. Also, they cannot log into an account that is not confirmed.

Applications that use the built-in email confirmation service of App Services can use the resendConfirmationEmail Client SDK method to send a new email with a new confirmation link to the user, allowing them to confirm their account and log in. Calling this method will result in an error by any application using a confirmation flow other than send a confirmation email.

There is no such specific method to re-run a custom confirmation function. Instead, App Services has a method to trigger a re-run of whatever the current Email/Password user confirmation workflow happens to be. You can manually re-run the currently selected user confirmation flow using the App Services UI or the App Services Admin API:

Summary

• For all providers except for Email/Password authentication, App Services automatically creates a user object the first time a user authenticates.

• You can log in to a single account with more than one provider by using the Realm SDKs to link identities.

• The Email/Password authentication provider requires users to create an account the first time they connect to your App.

• Email/Password users must be confirmed manually through the App Services UI or Admin API.

• Users caught in an incomplete Email/Password confirmation workflow must re-run the confirmation through the App Services UI or Admin API.