Skygear V1.1 introduces regrouped user record increase developer flexibility for handling user management use cases. At-a-glance, the changes will now make a user’s username and e-mail a normal record for easier user profile discovery, signing up will only be a single API, and developers can query and update a user easily.
For those of you running apps that require user profile discovery, this release has a major feature change that allows users to update their username and e-mail and have the change saved to their user record, which is easily queried along with other custom user data.
Skygear v0.24 user record’s security-first design
User data security is always a top priority for the Skygear team. With that in mind, we previously stored authentication data (user name, password, and e-mail) in the
_user table. While it was possible to discover a user using their e-mail and username, the information in the
_user table was previously not extensible with custom user data because it was not part of the RecordDB.
Our intention was to keep authentication data secure and only accessible to the user, but this created extra work for developers and a problem for user discovery.
For example, a user previously could update their authentication (i.e. their e-mail), but this would not be automatically synchronized with their custom user data in the RecordDB; or when user name / e-mail are meant to be sharable in the app, developers needed to work around with the
Skygear v1.1 introduces extensibility for the user record
We have regrouped a user record to improve user discovery for the convenience of developers to handle user data.
Username and e-mail is now a normal record
user in the RecordDB). It is a normal Skygear record that can be accessed using the RecordDB API. You can also create custom fields in the user record according to the information you want to collect from your users.
Note to Skygear v0.24 users: log in / sign up method returns a user record, instead of a
The user auth data is now stored in the
_user table, which has been renamed to
_auth. Only the password and user ID is stored in
Signing up is now a single API
A new user sign up previously was a two-step process calling two separate APIs. Previously, developers used the signup API to create a new user account then used the Record API to save custom user data. We now have a single API that does both things in one go. See the example below.
This is an example of creating a user with e-mail, password and interest:
Developers can update and query a user easily
Storing the username and e-mail in the RecordDB means that when a user updates their e-mail, the new e-mail is automatically available for user profile discovery.
There is no longer a need to maintain two tables of information on user data (as was the case with v0.24).
Developers can update and query a user easily with the RecordDB API as demonstrated below:
Find further information in the User Profile JS documentation.
Note that this means the developer should handle the security of user information with care. With that in mind, we are already working on Field Based ACL to address data security.
Skygear v1.1 is only available for new apps created through the Skygear Portal. For users who developed apps using v0.24, stay tuned for a coming migration guide.
Create a new app and tell us what you think of Skygear v1.1!
Skygear is an open-source serverless platform. Check out our docs and set up your free account today!