Allow anonymous users to be logged in without reusing existing ones

[sync-by-unito]

The anonymous credentials are very useful for writing integration tests and it would be very helpful to have the option to tell the SDK not to return an existing user when logging in anonymously. From an end-user perspective, the experience I would like to see is:

app.logIn(Credentials.anonymous()) // returns an existing user or a new one if called for the first time
app.logIn(Credentials.anonymous({ reuseUser: false }) // always logs in a new user
app.logIn(Credentials.anonymous({ reuseUser: true }) // equivalent to Credentials.anonymous()

[sync-by-unito]

➤ Nikola Irinchev commented:

Why is this closed?

[ianpward]

we discussed this in core backlog meeting - whats the customer-driven use case for this? if you want to use different users, then you can use username/password login

[sync-by-unito]

➤ Nikola Irinchev commented:

It's very useful for demos/tutorials. It's also trivial to implement, so I'm not sure why there's hesitancy to do it. Username password requires that we explain to users how to enable it, how to turn on automatic user confirmation, then in the demo code, we have to first register a user, then log them in, which is unintuitive for most users. Anon auth is automatically enabled when dev mode is enabled, which makes it very straightforward to write blog posts/tutorials.

[nirinchev]

Reopening this because it would have allowed us to catch a potentially critical issue with the refresh token format change.

[nicola-cab]

@nirinchev what are the APIs that would be impacted by this request?
Because in the C-API there is already:

RLM_API realm_app_credentials_t* realm_app_credentials_new_anonymous(void) noexcept
{
    return new realm_app_credentials_t(AppCredentials::anonymous());
}

Which seems to return anonymous credentials.

[nirinchev]

The issue is not about returning anonymous credentials at all. The problem is that you can't log in multiple anonymous users right now. Once you login an anonymous user, every time you call log_in with anonymous credentials, you'll receive the same user. This is a problem for the C++ API, not just the C API.

[nicola-cab]

Ok so you want basically this check gone:

// if we try logging in with an anonymous user while there
    // is already an anonymous session active, reuse it
    if (credentials.provider() == AuthProvider::ANONYMOUS) {
        for (auto&& user : m_sync_manager->all_users()) {
            if (user->provider_type() == credentials.provider_as_string() && user->is_logged_in()) {
                completion(switch_user(user), util::none);
                return;
            }
        }
    }

Should we not limit the number of anonymous users we allow? Maybe 1 is too restrictive, could we extend to 3 maybe?

[nirinchev]

Why would we have a limit? What are we trying to guard against?