Anonymous users with AshAuthentication
Context
As a part of the app I'm currently building, there will be anonymous users as well as "authenticated" users that log in with email and password or other strategies. Authenticated users will create entities that can be shared through generating a public link. Anyone with the link will be able to view and comment on the entity created by the authenticated user. However, the comments still need to be tied to a user because only they should be able to do things like delete or edit sent comments.
Question
Does anyone have a recommended way to handle anonymous users?
My plan currently is to make password and email optional as well as add a custom strategy. The custom strategy will provide a create action that accepts no parameters and will register a user with no email or password. Anonymous users will be authenticated using the token stored on the client from then on.
Is there anything I should keep in mind when making email optional?
2 Replies
🤔 Nothing immediately comes to mind. Just make sure you're testingyour flows etc 😄
My first thought is that your anonymous users might want to be a completely separate resource with their own distinct authentication system. But also maybe stored in an emphemeral data layer like ETS? Not sure.