Authentication

You can select a different type of authentication for the mobile and web sides of your app, including no authentication. You can also choose to disable authentication for single views.

The available types of authentication include:

  • Anonymous—Users can use the application without logging in. A login screen is not presented.
  • Kinvey Authentication—Utilize the user management facility provided by the Kinvey backend. It stores user information in the Kinvey backend in the Users system collection and provides most features needed for a modern-day app.
  • Mobile Identity Connect (MIC)—Utilize Kinvey's framework for connecting to social identity providers, third-party enterprise identity providers, or in-company enterprise user directories. Mobile Identity Connect supports LDAP, OAuth, and SAML, among others.

Selecting Authentication Type

By default, the authentication type applies to all app views but you can disable authentication for particular views if needed.

  1. Open the Kinvey Studio application.
  2. In the left-side navigation, click the Authentication tab.
  3. Under Authentication Type for Web, select the authentication type for the web part of your application.

    Authentication options that appear dimmed are coming up in a future release of Kinvey Studio.

  4. Under Authentication Type for Mobile, select the authentication type for the mobile part of your application.

  5. Click Save changes.

Redirect URI for MIC

When you select the MIC authentication option, you need to specify a redirect URI as per the OAuth 2.0 protocol used by MIC. It represents a callback URI that will be used to pass the OAuth grant.

You need to whitelist the redirect URL that you enter here when you set up the MIC service on the backend. See Setting Up the Backend for more information.

Disabling Authentication for a Single View

Disabling the authentication for a single view makes the view accessible without login. In a web app, for example, anyone with a direct link will be able to open it. You can utilize such views to implement a public home page for an otherwise login-protected app, or even entire app features that require multiple views.

To disable authentication when creating the view:

  1. Enter an application and then open the module where you want to create the view.
  2. Click the plus sign in the upper-left corner.

    The Add View dialog box appears.

  3. Select view type to create.

  4. Under Authentication, ensure that Requires Authentication is unchecked.
  5. After setting up the rest of the properties, click Add View.


To disable authentication for an existing view:

  1. Enter an application and then open the module where you created the view.
  2. In the list of views on the left, hover the view that you want to edit.
  3. Click the gear icon and select Settings from the menu that appears.
  4. In Edit View Settings, ensure that Requires Authentication is unchecked.
  5. Click Save.

Setting Up the Backend

When you select the Kinvey Authentication or Mobile Identity Connect authentication type, you may need to make additional settings on the backend before users can actually log in to your application.

Kinvey Authentication

Kinvey Authentication is designed to work without any additional changes. As soon as you create a user account, the user can use it to log in to the application. However, you may want to set your preferences for various Kinvey Authentication features like Email Verification and Password Reset.

Creating User Accounts

Normally, users will create their user accounts from your app's register screen. However, you can also create user accounts manually using Kinvey Console.

  1. Log in to Kinvey Console.
  2. Open the app environment connected to your Kinvey Studio application.
  3. In the left-side navigation, click Users.
  4. In the toolbar above the data browser, click Add User.
  5. Fill in the form and click Create.

Normally, the form only asks for Username and Password. An Email field appears automatically if you enable the Email Verification > Require Email Verification for sign in preference. Naturally, you can always add an email field to an existing user account programmatically.

Setting Preferences

  1. Log in to Kinvey Console.
  2. Open the app environment connected to your Kinvey Studio application.
  3. In the left-side navigation, click Users.
  4. In the toolbar above the data browser, click the gear icon (Collection Settings).
  5. Use the screen to set preferences, customize templates, and make settings.

Mobile Identity Connect

To allow users of other identity providers (IdPs) to log in to your app, you need to connect your Kinvey backend to the IdP first. The Mobile Identity Connect guide explains how MIC works, how to create the necessary Kinvey service, and what APIs to use in your code.

When setting up your MIC service, pay special attention to the Redirect URIs field available for all MIC service types. It allows you to whitelist one or more URIs that represent callback URIs to be used to pass the OAuth grant. Don't forget to whitelist the Redirect URI that you enter in Kinvey Studio when setting up Authentication.

In addition, if you intend on using the Kinvey Preview app to run apps on a physical device during development, add the following URI to the white list:

kspreviewresume://

Setting Up the Login Screen

The System module of each application includes a predefined views called login for both mobile and web. The login views change automatically to reflect your choice of authentication type. Note that the view appears in the list even when Anonymous is selected, but the app doesn't visualize it when built.

To customize the login view:

  1. Open your Kinvey Studio application.
  2. Enter the Application module.
  3. In the list of views inside the module, click the appropriate login view for web or mobile.
  4. Make your changes in the Inspector pane on the right.
  5. Click the Save icon above the list of views.