Realm Cloud - half baked service


#1

My frustration with Realm Cloud lies with their authentication service or, should I say, lack thereof. In their defense, they do state deep in their docs “Realm does not recommend using these authentication methods in a production environment. Instead we recommend using our JWT Authentication Provider”. However, if they want small companies to use their service, they should offer a full authentication service. At the very least, they shouldn’t use a client’s cloud instance as the return address and web address for the password reset feature.

In the Realm Cloud announcement, they proudly proclaim “No server-side anything required – just sign up and get going.” which is a little deceiving.

Is there any work being done to make your username/password authentication more robust/full-featured? I can’t recommend Realm Cloud to anyone until it is.

I will end on a positive note. Besides authentication, Realm Cloud and Realm Mobile Database (Swift) have been pleasant to use and relatively easy to use.


#2

@joshRond Thank you for your continued support and understanding as we work to evolve this product. It is also great to see that you read the docs along with the warning on using a JWT authentication provider. As an entrepreneur like yourself I am sure you know that in business everything is a measure of priorities - we have and will continue to prioritize synchronization features for mobile. There are a myriad other companies out there that just perform user management and authentication - they prioritize those kinds of features. This is why we recommend that a production app should outsource user management and authentication to a company which specializes in these features. In this way there will be no disappointment in why Realm Cloud does not have every feature needed by every use case.


#3

Thank you for the response. I know I am oversimplifying it, but all Realm needs to do is create an alias or some kind of generic address for the password reset feature and small companies/projects could use your built-in email/password provider. It is highly insecure to use one’s realm instance as the address during password reset and should be a top priority to change this. LESS code the better, right? Why add yet another dependency into my app?


#4

We’ve used 3rd party auth providers in other applications but have sometimes struck reluctance by users to sign in using Google or Facebook or whatever.

We moved to 3rd party authentication to protect users’ identity but it cost us business. As the reputation of Google/Facebook for protecting user privacy has declined, we’ve noticed an increased reluctance by users to sign in using these providers.

Third party auth is not an ideal solution. We also see many posts in this forum from users who struggle with auth.

We would be more comfortable moving our other apps to Realm if Realm offered more feature-complete authentication, or at the very least a generic alias for password reset as suggested by @joshRond and others.