Allow Guests or rely on multi-session?


#1

Hi all,
Just wondering if I can rely on the singe-user multi-session feature going forward?
In my App I do not want to ask the user to enter their email address, as it would not be used anywhere else (at this stage) and it may stop them from using the App.
Need the smallest number of obstacles on App launch.

So, either I switch-on the Guest feature or rely on the more secure single-user multi-session.

Pros & Cons anybody?

I suppose I could generate dummy email address’ for each user, but I’m not sure if that means they then need to confirm the new registration, which could be something the don’t want.

–Robert


#2

Hey Robert,

The guest user means the API is wide open, so unless there’s no need to secure user data you should authenticate users.

Currently, user name does require an email address. However, you don’t have to use the whole user registration email flow. What many people do is simply user the ‘user’ API (see the /user calls in the API Docs tab) to register users from their app. To do that, go to Config > Open Registration and enable open registration. Also select the role that users of your app will have.

So the simplest user experience right now is:

  1. end user self-registers in your app one time with email and password
  2. end user authenticates with email and password to get session token (note that version 2.0 will have better control over session duration for native mobile apps and support for OAuth 1.0, OAuth 2.0, and active directory)