Skip to main content

Anonymous Auth

Beta

This feature is in beta. Core behavior is stable and ready to try, but some APIs or configuration may still evolve before general availability.

Let users explore your app without registration. Anonymous accounts can be converted to permanent accounts later.

Captcha Protection

When CAPTCHA is enabled, anonymous sign-in is protected by Turnstile. Supported UI runtimes can acquire the token automatically; headless runtimes and custom UI must provide it explicitly.

Enable

// edgebase.config.ts
auth: {
anonymousAuth: true,
}

Sign In Anonymously

const { user } = await client.auth.signInAnonymously();
// user.isAnonymous → true

Convert to Email Account

await client.auth.linkWithEmail({
email: 'user@example.com',
password: 'securePassword',
});
// user.isAnonymous → false (data preserved)

Conversion atomically revokes every anonymous session and replaces them with one permanent-account session. If the network response or local credential write fails after the request was sent, retry within five minutes using the same email (case and surrounding whitespace are normalized) and exact password. EdgeBase returns the original replacement pair; a different user, email, password, or non-initiating session cannot recover it.

Convert to OAuth Account

await client.auth.linkWithOAuth('google');

Access Rules

Use auth.isAnonymous in access rules to differentiate anonymous users:

access: {
insert(auth) { return auth !== null && !auth.isAnonymous }, // Only registered users
read(auth) { return auth !== null }, // Any authenticated user (including anonymous)
}

Auto-Cleanup

Stale anonymous accounts are automatically deleted after auth.anonymousRetentionDays (default: 30 days).