> ## Documentation Index
> Fetch the complete documentation index at: https://docs.quickblox.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Authentication
> Learn how to authenticate your users with QuickBlox.
Every user needs to authenticate with QuickBlox before using any QuickBlox functionality. When someone connects with an application using QuickBlox, the application needs to obtain a session token which provides temporary secure access to QuickBlox APIs. A session token is an opaque string that identifies a user and an application.
Visit [Key Concepts](/docs/key-concepts) page to learn the most important QuickBlox concepts.
## Before you begin
1. Register a [QuickBlox account](https://admin.quickblox.com/signin). This is a matter of a few minutes and you will be able to use this account to build your apps.
2. Configure QuickBlox SDK for your app. Check out [Setup](/sdks/react-native-setup) page for more details.
## Session token rights
There are different types of session tokens to support different use cases.
| Application session token | Description |
| ------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Application session token | This kind of access token is needed to read the app data. Has only READ access to resources. The expiration time after the last REST API request is 2 hours. |
| User session token | The user token is the most commonly used type of token. This kind of access token is needed any time the app calls an API to read, modify or write a specific user's data on their behalf. Has READ/WRITE access to resources. The expiration time after the last REST API request is 2 hours. |
## Get session
You can check whether you have a session or not.
```JavaScript JavaScript theme={null}
QB.auth
.getSession()
.then(function (session) {
// handle session
})
.catch(function (e) {
// something went wrong
});
```
## Sign up user
Before you log in the user, you must create the user on QuickBlox. Recommendations are below:
1. **For POCs/MVPs:** Create the user using the [QuickBlox Dashboard](https://admin.quickblox.com/) or in client app with application session token.
2. **For production apps:** Use the [QuickBlox Create User API](https://docs.quickblox.com/reference/create-user) with [API key](/docs/application#create-api-key) on your backend to create the user when your user signs up in your app.
**Security**
It's recommended to [disable permission](/docs/application#set-session-permissions) to create users with application session on **production apps** once user creation is implemented on your backend.
You can create a user with application session token in client app by calling `create()` method.
```JavaScript JavaScript theme={null}
const createUserParams = {
fullName: 'Jack Sparrow',
login: 'jack',
password: 'jackpassword'
};
QB.users
.create(createUserParams)
.then(function (user) {
// user created successfully
})
.catch(function (e) {
// handle as necessary
});
```
## Log in user
QuickBlox provides four types of user authentication: login/email and password, social, phone number, and custom identity provider login.
### Login/email and password
Standard login lets you log in a user just by login (or email) and password. Other fields are optional. Thus, the QuickBlox server requests a users database for a match. If there is a match, a user session is created.
```JavaScript JavaScript theme={null}
const loginParams = {
login: 'yourlogin',
password: 'yourpassword'
};
// or through email
// const loginParams = {email: '[[email protected]](/cdn-cgi/l/email-protection)', password: 'garry5santos'};
QB.auth
.login(loginParams)
.then(function (info) {
// signed in successfully, handle info as necessary
// info.user - user information
// info.session - current session
})
.catch(function (e) {
// handle error
});
```
### Social
Authenticate with QuickBlox using a facebook access token.
```JavaScript JavaScript theme={null}
const facebookToken = 'EAAJ1nlH9EaQphl8WmFIJBhFn8XLMBu8UWAyxx1Uz0JLwZDZD';
QB.auth
.loginWithFacebook(facebookToken)
.then(function (info) {
// signed in successfully, handle info as necessary
// info.user - user information
// info.session - current session
})
.catch(function (e) {
// handle error
});
```
### Phone number
A sign-in with a phone number is supported with **Firebase integration**. In order to implement authentication via phone number functionality, follow this [Firebase document](https://rnfirebase.io/auth/phone-auth).
Don't forget to enable phone number sign-in for your Firebase project. To learn how to do this, see this [Firebase document](https://firebase.google.com/docs/auth/web/phone-auth#enable-phone-number-sign-in-for-your-firebase-project).
To send a verification code to the user's phone and sign in the user on Firebase with the received verification code, use the snippet below.
```JavaScript JavaScript theme={null}
import React, { useState } from 'react';
import { Button, TextInput } from 'react-native';
import auth from '@react-native-firebase/auth';
function PhoneSignIn() {
// If null, no SMS has been sent
const [confirm, setConfirm] = useState(null);
const [code, setCode] = useState('');
// Handle the button press
async function signInWithPhoneNumber(phoneNumber) {
const confirmation = await auth().signInWithPhoneNumber(phoneNumber);
setConfirm(confirmation);
}
async function confirmCode() {
try {
await confirm.confirm(code);
} catch (error) {
console.log('Invalid code.');
}
}
if (!confirm) {
return (