Anonymous Sign-in #68
Comments
btw this is possible today by choosing a random email address and disabling email confirmations; you can then later update the email address (this step I believe is currently only semi-functional) |
I think this is only true for apps which use email/password authentication—I'm not sure it's currently possible to convert an "anonymous" email/password user to an OAuth provider user upon sign up? |
We don't care about converting an anonymous user to a logged-in user, but we still want to be able to support anonymous users. So the workaround works for us. But is it possible to somehow still require email confirmations when users create a real account? Would it be possible to have two user groups or something? Or is the best solution to have two different projects? |
Our specific use case is that we want to offer a cart (with products) to our users. If they are logged in it is synced between devices, and otherwise it's just persistently available locally. We would have to save the cart in our backend for logged-in users and would prefer to do so for non-logged-in users as well. To not make carts publicly available we would like our users to have a JWT token pair (refresh token and short-term token) so that they can securely access their cart, even if they are not logged in. This will save us from having to store the cart in the frontend for non-logged-in users which would be duplicate work for us. |
How does that work @awalias ? if I disable email confirmations and then call this method: will the user be signed in at that point? |
Yes. I have tried this and that is how it works. A good practice is to randomize the email in a way so that it should never be possible to have. In our case we own the domain |
I can't get this to work. This is my function:
But user does not get populated. I have turned off the 'Enable email confirmations' setting. |
I think I might have used From the docs:
|
Hmm can't seem to get this to work. If I use signUp without a password I get an error saying If I use the signIn method then there's no error but user and session are still null.... |
Does it work if you do a signup with a random password? |
Thanks @juliuscc! Yes, that does work! I guess I can go with signing the user up with a random email and password and add the UID of the temporary profile to the user_id column for RLS. If they eventually sign up with their real email then I'll update the user_id with the new profile's UID and delete the temporary profile. |
It does add quite a bit of complexity though. @awalias, @kiwicopple any idea when the anonymous authentication feature might get implemented? Is there a roadmap somewhere? Thanks!! |
Is this feature being considered? It is often absolutely necessary for mobile apps. |
We 100% need this. It is the only thing that actually prevents me from using Supabase Auth in my mobile apps. I have to use Firebase just for this feature, and then I always add a userID column with this information. One workaround could be to use Sign In With Apple on iOS because you can create an account literally with one single screen tap, but it still adds an unnecessary step (read: "wall") to the app, which can of course reduce user conversion. |
I have the same issue. I want to offer anonymous login and then, when the user decides to log in with a "real" login, not lose the data. I found a way to do that for email/password login, but I have not figured out how to do it with external providers. Has anyone found a way to do it? |
Any update here? This is the only thing that still makes me use Firebase instead of Supabase in certain projects. |
This is an important feature. I think it's the only reason I won't go for Supabase now. Sad to find out it's not available. Any plans to implement this soon? |
please take a look at this |
I've created an issue to add this to the Flutter SDK, please upvote: |
I have upgraded supabase-js to the latest, and used yarn upgrade etc. I still cannot reach the function yet. @supabase/supabase-js@2.40.0 |
@sameerxanand, @pedromassango, @ekimcem. I've been Googling to find this issue daily, I just happened to see this new result. I wasn't clear with my message of excitement - The point is that it's about to be available, their docs were updated first. |
hey everyone, we've just bumped the supabase-js version to contain the with that said, you should be able to start using anonymous sign-ins in your projects today! 🎉 |
@kangmingtay, |
@kangmingtay and all, congrats on the new feature! We're already testing it and unfortunately bumped into a 500 error from the Supabase Server supabase/supabase-js#999 Is there any upgrade we need to do on our database for this to work? |
I ran into a similar issue @lucis, and it turned out to be entirely related to my project. I discovered that I had a trigger set up to add a row to the public.profiles table every time a new user signs up that was using specific values in the form of options.data (which corresponds to the raw_user_meta_data column in auth.users). The problem was that I wasn't passing those values correctly when calling the signInAnonymously method. Once I fixed that, everything worked like a charm. I'd recommend checking your database triggers. |
@lucis can you please reach out to https://supabase.help if you have any issues? it's hard for us to tell what went wrong just from a 500 error without any information about the project / logs |
That was it, @utku-kaan, thanks! @kangmingtay I opened a ticket but also decided to share it here in case someone else was having the problem, which was the case. After fixing the trigger, it worked. Thanks |
Great that it's implemented. Small note: what about the missing setting in the |
I have been waiting for this... awesome. |
@geoffreygarrett it will be supported on the CLI soon (likely some time this week) for local development! |
## What kind of change does this PR introduce?

Types update

## What is the current behavior?

User type is missing 'is_anonymous' property.

## What is the new behavior?

User type has the 'is_anonymous' property.

## Additional context

I'm not 100% certain if this property is optional or not, hoping @kangmingtay can offer some insight as they implemented the feature in supabase/auth#68

Fixes #872

---------

Co-authored-by: Kang Ming <kang.ming1996@gmail.com>
Hi, I'm looking to implement this in my app, but I am not using the JS library and the third-party libraries haven't had enough time to implement this feature yet. Is there somewhere I can view the API documentation for this so I can call it manually from my code? I have looked, but I am unable to find documentation for the |
@thisisthemurph good point, we'll update that - it uses the same endpoint as signup but without passing anything in the request body

```bash
curl -X POST 'https://project_ref.supabase.co/auth/v1/signup' \
  -H 'apikey: YOUR_SUPABASE_ANON_KEY' \
  -H 'Content-Type: application/json' \
  -d '{}'
```
@kangmingtay thanks for the information, appreciate it! Do you know where these kinds of endpoints are generally documented? |
Hi, I have enabled
But when I call:
I get the following error:
Request:
|
I fixed this by upgrading the Supabase CLI (also the Supabase npm package). More info: https://github.com/supabase/supabase/blob/eadf3d5353f5de7613c90e11f9800a31df0726aa/apps/www/_blog/2024-04-17-anonymous-sign-ins.mdx#L58 |
Is this available on |
@MohitKS5 it's available, just upgrade your supabase-js library |
## What kind of change does this PR introduce?

* Implements supabase#68
* An anonymous user is defined as a user that doesn't have an email or phone in the `auth.users` table. This is tracked by using a generated column called `auth.users.is_anonymous`
* When an anonymous user signs-in, the JWT payload will contain an `is_anonymous` claim which can be used in RLS policies as mentioned in [Option 3](supabase#68 (comment)).

```json
{
  ...
  "is_anonymous": true
}
```

* Allows anonymous sign-ins if `GOTRUE_EXTERNAL_ANONYMOUS_USERS_ENABLED` is enabled
* Anonymous sign-ins are rate limited on a per hourly basis and controlled by `GOTRUE_RATE_LIMIT_ANONYMOUS_USERS`. This is an ip-based rate limit.
* You can also configure silent captcha / turnstile to prevent abuse
* There are 2 ways to upgrade an anonymous user to a permanent user:
  1. Link an email / phone identity to an anonymous user `PUT /user`
  2. Link an oauth identity using `GET /user/identities/authorize?provider=xxx`

## Example

```bash
# Sign in as an anonymous user
curl -X POST 'http://localhost:9999/signup' \
  -H 'Content-Type: application/json' \
  -d '{}'

# Upgrade an anonymous user to a permanent user with an email identity
curl -X PUT 'http://localhost:9999/user' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer <access_token_of_anonymous_user>' \
  -d '{"email": "user@example.com"}'

# Upgrade an anonymous to a permanent user with an oauth identity
curl -X GET 'http://localhost:9999/user/identities/authorize?provider=google' \
  -H 'Authorization: Bearer <access_token_of_anonymous_user>'
```

## Follow-ups

* Cleanup logic for anonymous users will be made in a separate PR
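
The `is_anonymous` claim described in the PR above can also be enforced by a backend that validates the access token itself, for instance for the cart use case raised earlier in the thread. The sketch below is an added example, not code from the Supabase project: it assumes an HS256 token signed with a shared secret, and `signToken`, `verifyToken`, `authorize` and the action names are hypothetical.

```javascript
// Added example (not Supabase code): verify an HS256 access token, then gate on is_anonymous.
const nodeCrypto = require('node:crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (data, secret) => nodeCrypto.createHmac('sha256', secret).update(data).digest();

// Constructed helper so the example runs offline; real tokens come from the auth server.
function signToken(payload, secret) {
  const signingInput = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  return `${signingInput}.${hmac(signingInput, secret).toString('base64url')}`;
}

// Returns the claims only if the signature and expiry check out; throws otherwise.
function verifyToken(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  const header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
  if (header.alg !== 'HS256') throw new Error('unexpected alg'); // pin the algorithm
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('token expired');
  return claims;
}

// Hypothetical policy for the cart use case: every signed-in user, anonymous or not,
// may use their own cart; only permanent users may check out. A token without the
// claim is treated as anonymous (fail closed), an assumption of this example.
function authorize(claims, action, ownerId) {
  if (typeof claims.sub !== 'string' || claims.sub !== ownerId) return false;
  if (action === 'cart:read' || action === 'cart:write') return true;
  if (action === 'checkout') return claims.is_anonymous === false;
  return false;
}
```

Because the check is `claims.is_anonymous === false`, a token that lacks the claim is refused checkout rather than being treated as a permanent user.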
Feature request
For letting users anonymously enter into the application, and then if they want to continue, they can upgrade their account.
Describe the solution you'd like
Ability to sign in without any credentials.