Authentication

Every user needs to authenticate with QuickBlox before using any QuickBlox functionality. When someone connects with an application using QuickBlox, the application needs to obtain a session token which provides temporary secure access to QuickBlox APIs. A session token is an opaque string that identifies a user and an application.

Visit our Key Concepts page to get an overall understanding of the most important QuickBlox concepts.

Before you begin

1. Register a QuickBlox account. This is a matter of a few minutes and you will be able to use this account to build your apps.
2. Configure QuickBlox SDK for your app. Check out our Setup page for more details.

Session token rights

There are different types of session tokens to support different use cases.

Get session

You can check whether you have a session or not.

try {
  QBSession? session = await QB.auth.getSession();
} on PlatformException catch (e) {
  // some error occurred, look at the exception message for more details
}

Log in user

If you have an application session, you can upgrade it to a user session by calling login() method.

String login = "johnsmith";
String password = "superPassword";

try {
  QBLoginResult result = await QB.auth.login('login', 'password');
  QBUser? qbUser = result.qbUser;
  QBSession? qbSession = result.qbSession;
} on PlatformException catch (e) {
  // some error occurred, look at the exception message for more details
}

Log out user

If you have a user session, you can downgrade it to an application session by calling logout() method.

try {
  await QB.auth.logout();
} on PlatformException catch (e) {
  // some error occurred, look at the exception message for more details
}

Session expiration

The expiration time for a session token is 2 hours. If you will perform a query with an expired token, you will receive an error: "Required session does not exist". In this case, you have to recreate the session token.
In Flutter SDK since version 0.9.0, we have a listener to find if the session token has expired.

await QB.auth.subscribeAuthEvent(QBAuthEvents.SESSION_EXPIRED, (data) {
  // handle session expired event
});

Set existing session

Typically, a session token is stored in SDK after successful login and used for every subsequent API call. However, you may want to obtain and store the session on your server for better security. In this case, you can set application or user token into SDK using the startSessionWithToken() method, also before calling the method to get notified that the session has expired you need to add session expiration listener. Don't forget to log in user user if you pass the application token.

try {
  String sessionToken = "8b75a6c7191285499d890a81df4ee7fe49bc732a";
  QBSession? session = await QB.auth.startSessionWithToken(sessionToken);
} on PlatformException catch (e) {
  // some error occurred, look at the exception message for more details
}

🚧

If you have a version lower than 0.9.0, you can set the existing session token into SDK using the setSession() method.

try {
  QBSession? session = QBSession();
  session!.applicationId = 76730;
  session!.userId = 567527986;
  session!.expirationDate = "2025-01-23T01:23:45.678+09:00";
  session!.token = "8b75a6c7191285499d890a81df4ee7fe49bc732a";
  QBSession? sessionResult = await QB.auth.setSession(session);
} on PlatformException catch (e) {
  // some error occurred, look at the exception message for more details
}

Set the following fields of the qbSession.