You're viewing the legacy docs. They are deprecated as of May 18, 2016.
These docs are for version 2.4.2 and below of the Javascript SDK. Go to our current docs, or see our Web migration guide.

JavaScript Web Guide

Anonymous Authentication

Anonymous Authentication

Firebase makes it easy to create anonymous guest accounts in your application, which lets you enforce user-specific Security and Firebase rules without requiring credentials from your users.

Each time you login a user anonymously, a new, unique user ID will be generated, and your Firebase reference will be authenticated using these new credentials. The session will live until its configured expiration time in the Login & Auth tab of your App Dashboard, or when you explicitly end the session by calling unauth().

This is particularly useful in applications where you don't want to require account creation or login, but security rules are required to ensure that users only have access to a specific set of data.

Logging Users In

If your user does not have an existing session, you can log them in with the following snippet:

var ref = new Firebase("https://<YOUR-FIREBASE-APP>");
ref.authAnonymously(function(error, authData) {
  if (error) {
    console.log("Login Failed!", error);
  } else {
    console.log("Authenticated successfully with payload:", authData);

Optional Settings

authAnonymously() takes an optional second parameter which is an object containing any of the following settings:

Name Description Type
remember If not specified - or set to default - sessions are persisted for as long as you have configured in the Login & Auth tab of your Firebase's Dashboard. To limit persistence to the lifetime of the current window, set this to sessionOnly. A value of none will not persist authentication data at all and will end authentication as soon as the page is closed. String

Here is an example of anonymous login where the session will expire upon browser shutdown:

var ref = new Firebase("https://<YOUR-FIREBASE-APP>");
ref.authAnonymously(function(error, authData) { /* Your Code */ }, {
  remember: "sessionOnly"

The authData object returned to your callback contains the following fields:

authData Object
Field Description Type
uid A unique user ID, intended as the user's unique key across all providers. String
provider The authentication method used, in this case: anonymous. String
token The Firebase authentication token for this session. String
auth The contents of the authentication token, which will be available as the auth variable within your Security and Firebase Rules. Object
expires A timestamp, in seconds since the UNIX epoch, indicating when the authentication token expires. Number
anonymous An object containing any provider-specific data. In this case, any empty object. Object

Security and Firebase Rules

Now that the client is logged in, your Security and Firebase Rules have access to their unique user ID. The auth variable contains the following values:

auth Variable
Field Description Type
provider The authentication method used; in this case, anonymous. String
uid A unique ID combining the provider and ID, intended as the user's unique key across all providers. String

Here is an example of how to use the auth variable in your Security and Firebase Rules:

  "rules": {
    "users": {
      "$uid": {
        // grants write access to the owner of this user account whose uid must exactly match the key ($uid)
        ".write": "auth !== null && auth.uid === $uid",

        // grants read access to any user who is logged in anonymously
        ".read": "auth !== null && auth.provider === 'anonymous'"
See the User Authentication and User Based Security articles for more details.
  1. 1


    Installation & Setup

  2. 2


    Understanding Data

  3. 3


    Saving Data

  4. 4


    Retrieving Data

  5. 5


    Structuring Data

  6. 6


    Understanding Security

  7. 7


    User Authentication

  8. 8


    Offline Capabilities

  9. 9


    Deploying Your App