Anonymous Auth
This feature is in beta. Core behavior is stable and ready to try, but some APIs or configuration may still evolve before general availability.
Let users explore your app without registration. Anonymous accounts can be converted to permanent accounts later.
When CAPTCHA is enabled, anonymous sign-in is protected by Turnstile. Supported UI runtimes can acquire the token automatically; headless runtimes and custom UI must provide it explicitly.
Enable
// edgebase.config.ts
auth: {
anonymousAuth: true,
}
Sign In Anonymously
- JavaScript
- Dart/Flutter
- Swift
- Kotlin
- Java
- C#
- C++
const { user } = await client.auth.signInAnonymously();
// user.isAnonymous → true
final result = await client.auth.signInAnonymously();
let result = try await client.auth.signInAnonymously()
val result = client.auth.signInAnonymously()
Map<String, Object> result = client.auth().signInAnonymously();
var result = await client.Auth.SignInAnonymouslyAsync();
auto result = client.auth().signInAnonymously();
Convert to Email Account
- JavaScript
- Dart/Flutter
- Swift
- Kotlin
- Java
- C#
- C++
await client.auth.linkWithEmail({
email: 'user@example.com',
password: 'securePassword',
});
// user.isAnonymous → false (data preserved)
await client.auth.linkWithEmail(email: 'user@example.com', password: 'securePassword');
try await client.auth.linkWithEmail(email: "user@example.com", password: "securePassword")
client.auth.linkWithEmail(email = "user@example.com", password = "securePassword")
client.auth().linkWithEmail("user@example.com", "securePassword");
await client.Auth.LinkWithEmailAsync("user@example.com", "securePassword");
client.auth().linkWithEmail("user@example.com", "securePassword");
Conversion atomically revokes every anonymous session and replaces them with one permanent-account session. If the network response or local credential write fails after the request was sent, retry within five minutes using the same email (case and surrounding whitespace are normalized) and exact password. EdgeBase returns the original replacement pair; a different user, email, password, or non-initiating session cannot recover it.
Convert to OAuth Account
- JavaScript
- Dart/Flutter
- Swift
- Kotlin
- Java
- C#
- C++
await client.auth.linkWithOAuth('google');
final url = await client.auth.linkWithOAuth('google');
await launchUrl(Uri.parse(url));
let url = try await client.auth.linkWithOAuth(provider: "google")
val url = client.auth.linkWithOAuth("google")
String url = client.auth().linkWithOAuth("google");
var url = client.Auth.LinkWithOAuth("google");
auto url = client.auth().linkWithOAuth("google");
Access Rules
Use auth.isAnonymous in access rules to differentiate anonymous users:
access: {
insert(auth) { return auth !== null && !auth.isAnonymous }, // Only registered users
read(auth) { return auth !== null }, // Any authenticated user (including anonymous)
}
Auto-Cleanup
Stale anonymous accounts are automatically deleted after auth.anonymousRetentionDays (default: 30 days).