| copyright | lastupdated | keywords | subcollection | ||
|---|---|---|---|---|---|
|
2024-04-04 |
anonymous authentication, progressive authentication, profile, user profile, authorization, sign in, secure app, identity provider, authorization |
appid |
{:codeblock: .codeblock} {:screen: .screen} {:download: .download} {:external: target="_blank" .external} {:faq: data-hd-content-type='faq'} {:gif: data-image-type='gif'} {:important: .important} {:note: .note} {:pre: .pre} {:tip: .tip} {:preview: .preview} {:deprecated: .deprecated} {:beta: .beta} {:term: .term} {:shortdesc: .shortdesc} {:script: data-hd-video='script'} {:support: data-reuse='support'} {:table: .aria-labeledby="caption"} {:troubleshoot: data-hd-content-type='troubleshoot'} {:help: data-hd-content-type='help'} {:tsCauses: .tsCauses} {:tsResolve: .tsResolve} {:tsSymptoms: .tsSymptoms} {:java: .ph data-hd-programlang='java'} {:javascript: .ph data-hd-programlang='javascript'} {:swift: .ph data-hd-programlang='swift'} {:curl: .ph data-hd-programlang='curl'} {:video: .video} {:step: data-tutorial-type='step'} {:tutorial: data-hd-content-type='tutorial'} {:ui: .ph data-hd-interface='ui'} {:cli: .ph data-hd-interface='cli'} {:api: .ph data-hd-interface='api'} {:terraform: .ph data-hd-interface='terraform'} {:release-note: data-hd-content-type='release-note'}
{: #anonymous}
With {{site.data.keyword.appid_full}}, you can allow users to anonymously browse your application under an anonymous user profile. If the user chooses to sign in, you can allow them to still access their anonymous attributes by attaching their anonymous profile to their user identity with {{site.data.keyword.appid_short_notm}}. {: shortdesc}
{: #progressive}
When a user chooses not to sign in immediately, they are considered an anonymous user. For example, say you're an online retailer and you want to allow users to add objects to their shopping cart without signing in. However, you ask them to sign in to complete their purchase. If a user chooses to sign in, you can allow them to access the same objects that were in their shopping carts before they signed in.
You can use {{site.data.keyword.appid_short_notm}} to gather information about anonymous users into an anonymous user profile, which you can use to help personalize their experience of your application. If the user chooses to signs in, you can attach the user attributes that are part of the anonymous profile to their user identity that is stored in {{site.data.keyword.appid_short_notm}}. Anonymous profiles are temporarily valid. While you develop your app, you can configure the lifetime of anonymous tokens.
When a user signs in, they become an identified user. If an existing identified user profile does not exist, you can create a new identified user profile. After a user is identified, {{site.data.keyword.appid_short_notm}} issues new access and identity tokens and their anonymous token becomes invalid. However, an identified user can still access the attributes of their anonymous profile because they are accessible with the new access and identity tokens.
You can attach the attributes of only one anonymous profile to the user's identity that is stored in {{site.data.keyword.appid_short_notm}}. For example, say that a user browses your application anonymously in two separate browser tabs. The user adds a t-shirt to the shopping cart on the first tab and a pair of shorts to the cart on the second tab. {{site.data.keyword.appid_short_notm}} creates two separate anonymous profiles to track the interactions of the user with your application on each tab.
If the user chooses to sign in from the first tab, then they have access only to the t-shirt they added to their cart before they signed in. In this case, {{site.data.keyword.appid_short_notm}} attaches only the attributes of the anonymous profile on the first tab to the user's identity. The service does not merge the anonymous profile that is created on the second tab to the user's identity stored in App ID. But the user can still access the shorts anonymously on the second tab because they are still accessible with the anonymous profile that was created on the second tab. While you develop your app, you can configure how to attach anonymous attributes to identified user profiles.
{: #progressive-flow}
In the following image, you can see the direction of communication that defines the progressive authentication flow between the user, your application, {{site.data.keyword.appid_short_notm}}, and the identity provider.
{: caption="Figure 1. Progressive authentication flow of anonymous user" caption-side="bottom"}
- The user interacts with areas of your app that do not require authentication.
- Your application notifies {{site.data.keyword.appid_short_notm}} that the user wants to interact with your app as an anonymous user.
- {{site.data.keyword.appid_short_notm}} creates an ad hoc user profile and calls the OAuth login that issues anonymous tokens for the anonymous user.
- Using the anonymous tokens from {{site.data.keyword.appid_short_notm}}, you can create, read, update, and delete the attributes that are stored in the anonymous user profile.
- The user might choose to sign in to access more features of your app.
- Your application notifies {{site.data.keyword.appid_short_notm}} that the user wants to interact with your app as an identified user.
- {{site.data.keyword.appid_short_notm}} returns the login widget to your app.
- The user selects their preferred identity provider and provides their credentials.
- Your application informs {{site.data.keyword.appid_short_notm}} that the user selected an identity provider.
- {{site.data.keyword.appid_short_notm}} authenticates the call with the identity provider.
- The identity provider confirms whether the login was successful.
- {{site.data.keyword.appid_short_notm}} uses the anonymous token to find the anonymous profile and attaches the user's identity to it.
- After {{site.data.keyword.appid_short_notm}} creates the new tokens, the service invalidates the user's anonymous token.
- {{site.data.keyword.appid_short_notm}} returns the new access and identity tokens. The new tokens contain the public information that is shared by the identity provider and the attributes of the user's formerly anonymous profile.
- The user is granted access to your app.