Use this page to learn how to authenticate your users with QuickBlox.
Every user needs to authenticate with QuickBlox before using any QuickBlox functionality. When someone connects with an application using QuickBlox, the application needs to obtain a session token which provides temporary secure access to QuickBlox APIs. A session token is an opaque string that identifies a user and an application.
Visit Key Concepts page to learn the most important QuickBlox concepts.
There are different types of session tokens to support different use cases.
Application session token | Description |
---|---|
Application session token | This kind of access token is needed to read the app data. Has only READ access to resources. The expiration time after the last REST API request is 2 hours. |
User session token | The user token is the most commonly used type of token. This kind of access token is needed any time the app calls an API to read, modify or write a specific user’s data on their behalf. Has READ/WRITE access to resources. The expiration time after the last REST API request is 2 hours. |
You can check whether you have a session or not.
Before you log in the user, you must create the user on QuickBlox. Recommendations are below:
Security
It’s recommended to disable permission to create users with application session on production apps once user creation is implemented on your backend.
You can create a user with application session token in client app by calling createUser()
method.
If you have an application session, you can upgrade it to a user session by calling login()
method.
If you have a user session, you can downgrade it to an application session by calling logout()
method.
The expiration time for a session token is 2 hours. If you will perform a query with an expired token, you will receive an error: Required session does not exist
. In this case, you have to recreate the session token.
In Flutter SDK since version 0.9.0, we have a listener to find if the session token has expired.
Typically, a session token is stored in SDK after successful login and used for every subsequent API call. However, you may want to obtain and store the session on your server for better security. In this case, you can set application or user token into SDK using the startSessionWithToken()
method, also before calling the method to get notified that the session has expired you need to add session expiration listener. Don’t forget to log in user if you pass the application token.
If you have a version lower than 0.9.0, you can set the existing session token into SDK using the setSession() method.
Set the following fields of the qbSession
.
Field | Required | Description |
---|---|---|
applicationId | yes | Application ID. |
userId | yes | User ID. |
expirationDate | yes | Session token expiration date. |
token | yes | QuickBlox session token. |
Use this page to learn how to authenticate your users with QuickBlox.
Every user needs to authenticate with QuickBlox before using any QuickBlox functionality. When someone connects with an application using QuickBlox, the application needs to obtain a session token which provides temporary secure access to QuickBlox APIs. A session token is an opaque string that identifies a user and an application.
Visit Key Concepts page to learn the most important QuickBlox concepts.
There are different types of session tokens to support different use cases.
Application session token | Description |
---|---|
Application session token | This kind of access token is needed to read the app data. Has only READ access to resources. The expiration time after the last REST API request is 2 hours. |
User session token | The user token is the most commonly used type of token. This kind of access token is needed any time the app calls an API to read, modify or write a specific user’s data on their behalf. Has READ/WRITE access to resources. The expiration time after the last REST API request is 2 hours. |
You can check whether you have a session or not.
Before you log in the user, you must create the user on QuickBlox. Recommendations are below:
Security
It’s recommended to disable permission to create users with application session on production apps once user creation is implemented on your backend.
You can create a user with application session token in client app by calling createUser()
method.
If you have an application session, you can upgrade it to a user session by calling login()
method.
If you have a user session, you can downgrade it to an application session by calling logout()
method.
The expiration time for a session token is 2 hours. If you will perform a query with an expired token, you will receive an error: Required session does not exist
. In this case, you have to recreate the session token.
In Flutter SDK since version 0.9.0, we have a listener to find if the session token has expired.
Typically, a session token is stored in SDK after successful login and used for every subsequent API call. However, you may want to obtain and store the session on your server for better security. In this case, you can set application or user token into SDK using the startSessionWithToken()
method, also before calling the method to get notified that the session has expired you need to add session expiration listener. Don’t forget to log in user if you pass the application token.
If you have a version lower than 0.9.0, you can set the existing session token into SDK using the setSession() method.
Set the following fields of the qbSession
.
Field | Required | Description |
---|---|---|
applicationId | yes | Application ID. |
userId | yes | User ID. |
expirationDate | yes | Session token expiration date. |
token | yes | QuickBlox session token. |