User Access Management in Realm

As I already stated before, I love Realm.io. It’s a pretty cool object-oriented database with a very powerful synchronization mechanism that helps you build mobile apps right out of the box. But that’s not the end of the line. It also ships with a very powerful user management feature.

When you develop mobile apps, sooner or later you want users to be authenticated. You need user management, with registration, authentication, and permission management. That’s anything but easy.

Realm delivers all of it in a few easy steps.

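  1. User registration
    // "realmUrl" is a placeholder for your server URL; the third argument (true) creates the user
    var usr = await User.LoginAsync(Credentials.UsernamePassword("Tom", "test", true), new Uri("realmUrl"));
    // an exception will be thrown if the user already exists
  2. User login
    // the third argument (false) logs in an existing user instead of creating one
    var usr = await User.LoginAsync(Credentials.UsernamePassword("Tom", "test", false), new Uri("realmUrl"));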

Now that you have a user registered and logged in, you can create as many realms as you like. However, you can only create realms under your own UserId, which in most cases is not the username. But don’t panic, you don’t need to store it somewhere. When you open a Realm, just put a tilde in the path, and it will automatically be replaced with your UserId.

// "~" is replaced with the UserId of the logged-in user
FullSyncConfiguration conf = new FullSyncConfiguration(new Uri("~/MyLittleRealm", UriKind.Relative));
var realm = Realm.GetInstance(conf);

Pretty easy, isn’t it? But that’s not all. Let’s assume we have an app to manage your shopping list. That’s probably enough, but you also want to share your shopping list with your wife or kids. Everyone using your app will have their own list, but can’t access the others. You know which realms they are using, so you could synchronize them too; perhaps the path is something like <UserId>/ShoppingList. But first of all you don’t have their UserId (this is not the username!), and you also have no permission to access it. A user needs to actively grant someone else access to their Realms:

// AccessLevel is not a flags enum: the levels are cumulative, so Write already includes Read
await User.Current.ApplyPermissionsAsync(PermissionCondition.UserId("someonesUserId"), "~/ShoppingList", AccessLevel.Write);

You can even choose if the user can read or read and write your Realm. But how do we get the UserId?

There are two approaches to that challenge:

  1. You can store the UserId in a public realm. This is okay, but not a very secure solution.
  2. Your app can offer a way to send the UserId directly to others using WhatsApp, NFC or a QR code. That is easy, and everyone has complete control over their data (even though it’s only an ID).
  3. Didn’t I just talk about two? OK, I think there are probably more than that. There could be something like a “Sync” mode: a user can write an offer in a public realm, stating that he wants to share his shopping list with the user with username “xy”, and the app of user “xy” could react to that offer and publish its UserId.

By the way: when you are using external authentication (like an Identity Server or similar) that issues a JWT, the UserId will be the same as the username.
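
The sharing flow described above, seen from both sides, as an added example that is not code from the original post. The class and method names are hypothetical; it assumes the same Realm .NET `Realms.Sync` API as the snippets above, with `AccessLevel.None` used to take a grant back.

```csharp
using System;
using System.Threading.Tasks;
using Realms;
using Realms.Sync;

// Hypothetical helper class, added for illustration only.
public static class ShoppingListSharing
{
    // Owner side: grant only the level the recipient needs.
    // recipientUserId is the ID received out of band (e.g. from a QR code).
    public static Task ShareAsync(User owner, string recipientUserId, bool allowEdits)
    {
        RequirePlainId(recipientUserId);
        // Levels are cumulative: Write already includes Read.
        var level = allowEdits ? AccessLevel.Write : AccessLevel.Read;
        return owner.ApplyPermissionsAsync(
            PermissionCondition.UserId(recipientUserId), "~/ShoppingList", level);
    }

    // Owner side: take the access away again.
    public static Task RevokeAsync(User owner, string recipientUserId)
    {
        RequirePlainId(recipientUserId);
        return owner.ApplyPermissionsAsync(
            PermissionCondition.UserId(recipientUserId), "~/ShoppingList", AccessLevel.None);
    }

    // Recipient side: "~" would expand to the recipient's own UserId,
    // so the owner's UserId has to be spelled out in the path.
    public static Task<Realm> OpenSharedAsync(User recipient, string ownerUserId)
    {
        RequirePlainId(ownerUserId);
        var uri = new Uri($"/{ownerUserId}/ShoppingList", UriKind.Relative);
        var conf = new FullSyncConfiguration(uri, recipient);
        // GetInstanceAsync downloads the Realm's current contents before returning it.
        return Realm.GetInstanceAsync(conf);
    }

    // An ID that arrives via chat, NFC or QR code is untrusted input:
    // reject anything that could change the Realm path it is placed into.
    private static void RequirePlainId(string userId)
    {
        if (string.IsNullOrWhiteSpace(userId) || userId.Contains("/") || userId.Contains("~"))
        {
            throw new ArgumentException("Not a plain UserId.", nameof(userId));
        }
    }
}
```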
