Please complete authentication features

ros

#9

@nirinchev thanks…
but you say “most”… we can’t release with most, we need all… for example, you don’t mention forgot password, which is different to reset password… or what am I supposed to understand under “most”?

Btw, for the meantime, perhaps you should inform the users that your authentication isn’t production ready and provide full examples how to implement custom authentication with major providers like Firebase. It’s very misleading at the moment because this isn’t stated anywhere. The examples and everything always show your own provider - which leads us to think this is ready to use.


#10

When I say reset password, I mean functionality to allow users to request that an email be sent with a link to reset their password and choose a new one. Not sure if that’s different from what you have in mind about forgot password.

And I said “most” because it’s not clear to me what some of these points include. For example “No confirmation emails for register / change password” may mean that you expect that ROS sends an email to the user to notify them that they’ve changed their password which doesn’t seem like critical functionality.

Ultimately, authentication is a very broad field and deciding when a system is production ready depends heavily on your app’s requirements. With the upcoming improvements, I’m fairly confident we’ll cover most apps’ needs, but for some advanced scenarios, such as two-factor authentication or sms verification, the password provider may never be considered “production ready”. This is why we’ve made it extremely easy to integrate with auth0 or similar services, whose entire business model is based on providing extremely feature rich authentication API. In terms of documentation, we have examples on integrating with cognito and will soon publish tutorials for auth0.

In any case, if you outline your app’s authentication requirements, I’d be happy to give you some broad timelines on when you can expect us to ship these features. We’d like to be as transparent as possible as we have no interest in misleading you into using our built-in auth providers if they’re not going to be complete enough by the time you launch your app.


#11

Thanks for the detailed response @nirinchev

I’m perfectly fine with the standard / basic features, no special needs. With the confirmation emails, I meant the typical “confirm you registration” email, in the case of register, and the email to reset the password, which you just mentioned.

It was important to mention specifically forgot password, because reset password can be understood as when you’re already logged in an just want to change it. But you just also clarified that this will be included as well, so all good.

Please understand the irritation so far, the clarity, concerning this topic, which you have brought in with this last message, is missing everywhere else.


#12

My vote is that we get our hands on the new authentication features sooner rather than later. While Realm Cloud is in beta I think devs understand bugs are part of the deal. By giving it to us sooner we can find bugs sooner. It also lets us work out how we work the new auth features into our workflow.


#13

I think authentication is not realms major purpose and therefore authentication should not be priority. From the beginning I found it strange that this was even offered and would never embed this in my productive version since it also would make my product even more depending on the database/cloud database solution. Therefore very happy with the Auth0-Plug and play system which works perfectly for me.


#14

We’ve rolled out password/reset and email confirmation functionality to all instances now. It depends on the username used to register the user being their email. By default emails are sent from [email protected], but you can change that if you provide your own SMTP connection string.


#15

Any documentation coming?


#16

Let me be the first to make a mess of this. From the Realm Cloud log for our instance:
`Failed to start provider PasswordAuthProvider(password) with config {“autoCreateAdminUser”:true,“emailHandlerConfig”:{“connectionString”:,“from”:[email protected],“baseUrl”:“https://***.us1a.cloud.realm.io/”}}. Error: TypeError: Cannot create property ‘mailer’ on string

my-smtp-server is the server I use in send mail config for my email client.

I’ve created a ticket at support.realm.io


#18

@nirinchev That’s great to read! Some questions: Is there documentation available and when do you think this functionality will be available in the clients (in my case interested in iOS/Swift)?


#19

The docs are being written, so hopefully by next week we’ll have it. We’re updating the SDKs currently, so they should expose convenience API in their next releases. In the meantime, you can redirect your users to https://my-instance-name.cloud.realm.io/reset-password where they’ll be able to initiate the password reset flow themselves. If you’re in a rush though and the web form doesn’t fit well in your app flow, I can outline the HTTP API you can call manually to initiate the reset flow.


#20

Hi,

As im about to go live start of next month will appreciate if you can outline the http API.
Is there an option to control password complexity upon reset? Via the link you sent user can set a one letter password for example.
Thank you


#21

Thanks @nirinchev!

I’m not sure I’ll need the HTTP API but other people seem interested in it, so this is in any case welcome.

Will registration confirmation email also be available (seems fitting if there’s forgot password)?
Edit: You actually wrote “We’ve rolled out password/reset and email confirmation” before so I guess that’s a yes.

A last question - since it was listed in the initial points - will the next version of the client SDKs support delete account too?

I’m just planning 1-2 days to integrate all this (i.e. finish everything authentication related) once the SDK is ready and would be interested in knowing about when this could be.


#22

Pushing this, just in case it was forgotten.


#23

@ischuetz We have the documentation for the server side here:
https://docs.realm.io/platform/v/3.x/self-hosted/customize/authentication/username-password/password-reset-and-email-confirmation

The HTTP API has been wrapped in a convenience SDK API for all the bindings, you can find it as the changePassword method off the SyncUser object:
https://realm.io/docs/java/5.1.0/api/


#24

@ianward great, thanks. Will this be integrated in the client SDK at some point? And what about delete account?


#25

@ischuetz changePassword has been integrated into an SDK - see the API guide above

I do not believe Delete Account is being worked on right now


#26

Thanks @ianward

  • How to configure reset password with Realm cloud? The docs mention my-app/src/index.ts. Where do I find this?
  • Still no news about delete account? Last time I checked it was possible with a http call but it needed a token that was private, at least in the Cocoa SDK. I hope it’s not impossible for users to delete account?

#27

@ischuetz

How to configure reset password with Realm cloud?

If you are using the Realm password provider then this should be configured for you automatically using our defaults.

Still no news about delete account?

This is possible by using a HTTP API as shown here:


#28

Thanks @ianward. One question remains regarding delete account - the last time I tried to use this http call I wasn’t able to retrieve _refreshToken, because it’s private. How can I access this from Swift?


#29

@ianward And another question, why can I login without having confirmed the registration email? I enabled these emails, deleted the users in Realm, registered, got an email and then logged in with the account I just registered without having confirmed the email. Is this a bug or am I missing something?