Warning – Alpha!
This guide covers authentication and authorisation. Both mechanisms are currently very limited and are under active development.
ElectricSQL currently has a very limited, insecure authentication mechanism whereby all clients automatically authenticate using a
clientId. It’s automatic and undocumented, because it’s going to be replaced. This is under active development and is a high priority for us.
ElectricSQL does not currently support limiting of reads or writes on any data. All users who have access to your
app (for example, by extracting it from your mobile app bundle) can currently read and write any data.
We are actively working on a system to enable authorisation rules that works with our authentication and partial replication systems. However, this is not yet implemented.