QuickBlox Documentation

QuickBlox provides powerful Chat API and SDK to add real-time messaging and video calls to your web and mobile apps. Learn how to integrate QuickBlox across multiple platforms and devices. Check out our detailed guides to make integration easy and fast.

Authentication

Learn how to authenticate your users with QuickBlox.

Every user needs to authenticate with QuickBlox before using any QuickBlox functionality. When someone connects with an application using QuickBlox, the application needs to obtain a session token which provides temporary secure access to QuickBlox APIs. A session token is an opaque string that identifies a user and an application.

Before you begin

  1. Visit our Key Concepts page to get an overall understanding of the most important QuickBlox concepts.
  2. Register a QuickBlox account. This is a matter of a few minutes and you will be able to use this account to build your apps.
  3. Configure QuickBlox SDK for your app. Check out our Setup page for more details.

Session token rights

There are different types of session tokens to support different use cases.

Session Token Type

Description

Application session token

This kind of access token is needed to read the app data. Has only READ access to resources. The expiration time after the last REST API request is 2 hours.

User session token

The user token is the most commonly used type of token. This kind of access token is needed any time the app calls an API to read, modify or write a specific user's data on their behalf. Has READ/WRITE access to resources. The expiration time after the last REST API request is 2 hours.

Session token management

You can track session states using QBSessionManager class and SessionListener listener.

QBSessionManager.getInstance().addListener(new QBSessionManager.QBSessionListener() {
    @Override
    public void onSessionCreated(QBSession session) {
    // calls when session was created firstly or after it has been expired
    }
 
    @Override
    public void onSessionUpdated(QBSessionParameters sessionParameters) {
    // calls when user signed in or signed up
    // QBSessionParameters stores information about signed in user. 
    }
 
    @Override
    public void onSessionDeleted() {
    // calls when user signed Out or session was deleted 
    }
 
    @Override
    public void onSessionRestored(QBSession session) {
    // calls when session was restored from local storage
    }
 
    @Override
    public void onSessionExpired() {
    // calls when session is expired
    }
 
    @Override
    public void onProviderSessionExpired(String provider) {
    // calls when provider's access token is expired or invalid 
    }
});
QBSessionManager.getInstance().addListener(object : QBSessionManager.QBSessionListener {
    override fun onSessionCreated(session: QBSession) {
    // calls when session was created firstly or after it has been expired
    }

    override fun onSessionUpdated(sessionParameters: QBSessionParameters) {
    // calls when user signed in or signed up
    // QBSessionParameters stores information about signed in user.
    }

    override fun onSessionDeleted() {
    // calls when user signed Out or session was deleted
    }

    override fun onSessionRestored(session: QBSession) {
    // calls when session was restored from local storage
    }

    override fun onSessionExpired() {
    // calls when session is expired
    }

    override fun onProviderSessionExpired(provider: String) {
    // calls when provider's access token is expired or invalid
    }
})

Session token details

At any time you can get details about your current session token.

QBSessionParameters sessionParameters = QBSessionManager.getInstance().getSessionParameters();
sessionParameters.getUserId();
sessionParameters.getUserLogin();
sessionParameters.getUserEmail();
sessionParameters.getSocialProvider();
sessionParameters.getAccessToken();
val sessionParameters = QBSessionManager.getInstance().getSessionParameters()
sessionParameters.userId
sessionParameters.userLogin
sessionParameters.userEmail
sessionParameters.socialProvider
sessionParameters.accessToken

Also, you can check whether you are logged in or not.

boolean isLoggedIn = QBSessionManager.getInstance().getSessionParameters() != null;
val isLoggedIn = QBSessionManager.getInstance().sessionParameters != null

Sign up user

If a current user doesn't exist, you can create them by calling the signUp() method.

final QBUser user = new QBUser();
user.setLogin("MyLogin");
user.setPassword("mypassword");

QBUsers.signUp(user).performAsync(new QBEntityCallback<QBUser>() {
    @Override
    public void onSuccess(QBUser qbUser, Bundle bundle) {
        
    }

    @Override
    public void onError(QBResponseException e) {
        
    }
});
val user = QBUser()
user.login = "MyLogin"
user.password = "mypassword"

QBUsers.signUp(user).performAsync(object : QBEntityCallback<QBUser> {
    override fun onSuccess(qbUser: QBUser?, bundle: Bundle?) {
        
    }

    override fun onError(e: QBResponseException?) {
        
    }
})

Log in user

QuickBlox provides four types of user authentication: login/email and password, social, phone number, and custom identity provider login.

Login/email and password

Log in a user just by using login (or email) and password. Other fields are optional. Thus, the QuickBlox server requests a users database for a match. If there is a match, a user session is created.

final QBUser user = new QBUser();
user.setLogin("MyLogin");
user.setPassword("mypassword");

QBUsers.signIn(user).performAsync(new QBEntityCallback<QBUser>() {
    @Override
    public void onSuccess(QBUser user, Bundle args) {
        
    }

    @Override
    public void onError(QBResponseException error) {
        
    }
});
val user = QBUser()
user.login = "MyLogin"
user.password = "mypassword"

QBUsers.signIn(user).performAsync(object : QBEntityCallback<QBUser> {
    override fun onSuccess(user: QBUser?, args: Bundle?) {
        
    }

    override fun onError(error: QBResponseException?) {
        
    }
})

Social

Authenticate with QuickBlox using a social network access token.

String accessToken = "Az9dgLfyK7tZBSAz9dgLfyK7tQNttIoaZA10niR68DO";
String accessTokenSecret = null;
String provider = QBProvider.FACEBOOK;

QBUsers.signInUsingSocialProvider(provider, accessToken, accessTokenSecret).performAsync(new QBEntityCallback<QBUser>() {
    @Override
    public void onSuccess(QBUser qbUser, Bundle bundle) {
        // Login Successful
    }

    @Override
    public void onError(QBResponseException e) {
        // Login Error
    }
});
val accessToken = "Az9dgLfyK7tZBSAz9dgLfyK7tQNttIoaZA10niR68DO"
val accessTokenSecret: String? = null
val provider = QBProvider.FACEBOOK // or QBProvider.TWITTER

QBUsers.signInUsingSocialProvider(provider, accessToken, accessTokenSecret).performAsync(object : QBEntityCallback<QBUser> {
    override fun onSuccess(qbUser: QBUser?, bundle: Bundle?) {
        // Login Successful
    }

    override fun onError(e: QBResponseException?) {
        // Login Error
    }
})

Parameters

Description

provider

A social network provider.

accessToken

An access token received from the social network after a user authenticates with it.

accessTokenSecret

A social network provider's access token secret.

Phone number

A sign-in with a phone number is supported with Firebase integration. In order to implement authentication via phone number functionality, follow this Firebase document.

Don't forget to enable phone number sign-in for your Firebase project. To learn how to do this, see this Firebase document.

You also need to sign in the user to Firebase. You can sing in the user only after completing a series of steps that involve sending a verification code to the user's phone, entering the verification code that Firebase sent to the user's phone, creating a PhoneAuthCredential object, etc. Refer this Firebase document for more details.

To log in the user to QuickBlox, use the signInUsingFirebase() method. Pass the project ID and ID token to the signInUsingFirebase(). The ID token is received as a result of the getIdToken() method.

private void refreshFirebaseAccessToken() {
    FirebaseUser firebaseUser = FirebaseAuth.getInstance().getCurrentUser();

    firebaseUser.getIdToken(false).addOnCompleteListener(new OnCompleteListener<GetTokenResult>() {
        @Override
        public void onComplete(@NonNull Task<GetTokenResult> task) {
            if (task.isSuccessful()) {
                // Getting access token - successful
                if (task.getResult() != null) {
                    firebaseAccessToken = task.getResult().getToken();
                    // Save access token
                }
            } else {
                // Getting access token - unsuccessful
            }
        }
    });
}

private void loginByPhone() {
    QBUsers.signInUsingFirebase(firebaseProjectID, firebaseAccessToken).performAsync(new QBEntityCallback<QBUser>() {
        @Override
        public void onSuccess(QBUser user, Bundle bundle) {
            // Successful Signed In
        }

        @Override
        public void onError(QBResponseException e) {
            // Sign In Error
        }
    });
}
private fun refreshFirebaseAccessToken() {
    val firebaseUser = FirebaseAuth.getInstance().currentUser

    firebaseUser?.getIdToken(false)?.addOnCompleteListener { task ->
        if (task.isSuccessful) {
            // Getting access token - successful
            if (task.result != null) {
                firebaseAccessToken = task.result!!.token!!
                // Save access token
            }
        } else {
            // Getting access token - unsuccessful
        }
    }
}

private fun loginByPhone() {
    QBUsers.signInUsingFirebase(firebaseProjectID, firebaseAccessToken).performAsync(object : QBEntityCallback<QBUser>{
        override fun onSuccess(qbUser: QBUser?, b: Bundle?) {
            // Successful Signed In
        }

        override fun onError(e: QBResponseException?) {
            // Sign In Error
        }
    })
}

Pass the following arguments to the signInUsingFirebase() method.

Arguments

Description

firebaseProjectID

Firebase project ID. When you create a Firebase project, Firebase automatically assigns a unique ID to the project, but you can edit it during the project setup.

firebaseAccessToken

ID token of the Firebase user. Created by Firebase when a user signs in to an app. This token is received as a result of getIdToken() method.

Custom identity provider

You can authenticate your application users from the external database with QuickBlox via Custom Identity Provider (CIdP). Just specify the user login and access token as a password to authenticate with QuickBlox. Review Custom Identity Provider page for more details on the feature.

String userLogin = "myQBLogin";
String identityToken = "Fd4kxd37z58dS4d2Ye7wh3";
QBUser user = new QBUser();
user.setLogin(userLogin);
user.setPassword(identityToken);

QBUsers.signIn(user).performAsync(new QBEntityCallback<QBUser>() {
    @Override
    public void onSuccess(QBUser qbUser, Bundle bundle) {
        // Login Successful
    }

    @Override
    public void onError(QBResponseException e) {
        // Login Error
    }
});
val userLogin = "myQBLogin"
val identityToken = "Fd4kxd37z58dS4d2Ye7wh3"
val user = QBUser()
user.login = userLogin
user.password = identityToken

QBUsers.signIn(user).performAsync(object : QBEntityCallback<QBUser> {
    override fun onSuccess(qbUser: QBUser?, bundle: Bundle?) {
        // Login Successful
    }

    override fun onError(e: QBResponseException?) {
        // Login Error
    }
})

🚧

This feature is available for customers on the Enterprise plan only. Take advantage of Enterprise features to unlock new value and opportunities for users. For more information and if you want to request a Demo, please contact us by mail: [email protected].

Log out user

If you have a user session, you can downgrade it to an application session by calling the logout() method.

QBUsers.signOut().performAsync(new QBEntityCallback<Void>() {
    @Override
    public void onSuccess(Void aVoid, Bundle bundle) {
        
    }

    @Override
    public void onError(QBResponseException e) {
        
    }
});
QBUsers.signOut().performAsync(object : QBEntityCallback<Void> {
    override fun onSuccess(aVoid: Void?, bundle: Bundle?) {
        
    }

    override fun onError(e: QBResponseException?) {
        
    }
})

Destroy session token

To destroy an application session use the following code.

QBAuth.deleteSession().performAsync(new QBEntityCallback<Void>() {
    @Override
    public void onSuccess(Void aVoid, Bundle bundle) {
        
    }

    @Override
    public void onError(QBResponseException e) {
        
    }
});
QBAuth.deleteSession().performAsync(object : QBEntityCallback<Void> {
    override fun onSuccess(aVoid: Void?, bundle: Bundle?) {
        
    }

    override fun onError(e: QBResponseException?) {
        
    }
})

Updated 17 days ago


What's Next

Users

Authentication


Learn how to authenticate your users with QuickBlox.

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.