Docs Menu
Docs Home
/ /
Atlas Device SDKs
/ /

Authenticate Users - C++ SDK

On this page

  • Log In
  • Anonymous User
  • Email/Password User
  • API Key User
  • Custom Function User
  • Custom JWT User
  • Facebook User
  • Google User
  • Apple User
  • Get a User Access Token
  • Refresh Token Expiration
  • Log Out
  • Get the Current User
  • Confirm a User is Logged In

If you have enabled Anonymous authentication in the App Services UI, users can immediately log into your app without providing any identifying information.

auto appConfig = realm::App::configuration();
appConfig.app_id = APP_ID;
auto app = realm::App(appConfig);
auto user = app.login(realm::App::credentials::anonymous()).get();

If you have enabled Email/Password authentication, and have registered an email/password user, you can log that user in.

auto user = app.login(realm::App::credentials::username_password(
userEmail, userPassword))
.get();

If you have enabled API Key authentication, you can log in using a user API key.

auto appConfig = realm::App::configuration();
appConfig.app_id = APP_ID;
auto app = realm::App(appConfig);
auto user = app.login(realm::App::credentials::api_key(API_KEY)).get();

If you have enabled the Custom Function authentication provider, you can log in using a custom function.

auto appConfig = realm::App::configuration();
appConfig.app_id = APP_ID;
auto app = realm::App(appConfig);
/* Custom function authentication takes a string parameters argument.
The parameter details vary depending on how you define your custom
authentication function. */
std::string params = "{\"username\": \"bob\"}";
auto user = app.login(realm::App::credentials::function(params)).get();

If you have enabled the Custom JWT authentication provider, you can log in using a custom JWT.

auto token = "<jwt>";
auto appConfig = realm::App::configuration();
appConfig.app_id = APP_ID;
auto app = realm::App(appConfig);
auto user = app.login(realm::App::credentials::custom(token)).get();

The Facebook authentication provider allows you to authenticate users through a Facebook app using their existing Facebook account.

Important

Enable the Facebook Auth Provider

To log a user in with their existing Facebook account, you must configure and enable the Facebook authentication provider for your application.

Important

Do Not Store Facebook Profile Picture URLs

Facebook profile picture URLs include the user's access token to grant permission to the image. To ensure security, do not store a URL that includes a user's access token. Instead, access the URL directly from the user's metadata fields when you need to fetch the image.

auto appConfig = realm::App::configuration();
appConfig.app_id = APP_ID;
auto app = realm::App(appConfig);
auto accessToken = "<token>";
auto user = app.login(realm::App::credentials::facebook(accessToken)).get();

If you have configured the Google authentication provider, you can log in using an existing Google account.

To log in with a Google authentication code, pass a Google authentication code to credentials::google_auth_code().

auto appConfig = realm::App::configuration();
appConfig.app_id = APP_ID;
auto app = realm::App(appConfig);
// The user's server auth code you got from Google
auto myAuthCode = "auth_code_from_google";
auto user =
app.login(realm::App::credentials::google_auth_code(myAuthCode)).get();

To log in with a Google ID token, pass a Google ID token to credentials::google_id_token().

auto appConfig = realm::App::configuration();
appConfig.app_id = APP_ID;
auto app = realm::App(appConfig);
// The user's OpenID Connect id_token you got from the Google OAuth response
auto myIdToken = "open_id_connect_id_token_from_google";
auto user =
app.login(realm::App::credentials::google_id_token(myIdToken)).get();

If you have enabled Sign-in with Apple authentication, you can log a user in using an Apple ID token.

auto appConfig = realm::App::configuration();
appConfig.app_id = APP_ID;
auto app = realm::App(appConfig);
auto idToken = "<token>";
auto user = app.login(realm::App::credentials::apple(idToken)).get();

The Realm SDK automatically manages access tokens, refreshes them when they expire, and includes a valid access token for the current user with each request.

If you send requests outside of the SDK then you must include the user's access token with each request. In this scenario, you must manually refresh the token when it expires. Access tokens expire after 30 minutes.

You can call .refresh_custom_user_data() on a logged-in user to refresh the user's auth session. Then, get the .access_token() as a string you can use in your code. You might use code similar to this to fetch an access token:

// With a logged-in user, refresh the custom user data to refresh the auth
// session
user.refresh_custom_user_data().get();
// Then get the user's access token
auto userAccessToken = user.access_token();

Refresh tokens expire after a set period of time. When the refresh token expires, the access token can no longer be refreshed and the user must log in again.

If the refresh token expires after the realm is open, the device will not be able to sync until the user logs in again. Your sync error handler should implement logic that catches a token expired error when attempting to sync, then redirect users to a login flow.

For information on configuring refresh token expiration, refer to Manage User Sessions in the App Services documentation.

Once logged in, you can log out.

Warning

When a user logs out, you can no longer read or write data in any synced realms that the user opened. As a result, any operation that has not yet completed before the initiating user logs out cannot complete successfully and will likely result in an error. Any data in a write operation that fails in this way will be lost.

user.log_out().get();

You can get the current user with app::get_current_user():

auto currentUser = app.get_current_user();

You can confirm a user is logged in with user::is_logged_in():

auto user = app.login(realm::App::credentials::anonymous()).get();
CHECK(user.is_logged_in());
← Manage Users