Auth
Warning – Alpha!
This guide covers authentication and authorisation. Both mechanisms are currently very limited and are under active development.
Authentication
ElectricSQL currently has a very limited, insecure authentication mechanism whereby all clients automatically authenticate using a clientId. It’s automatic and undocumented, because it’s going to be replaced. This is under active development and is a high priority for us.
Authorisation
ElectricSQL does not currently support limiting of reads or writes on any data. All users who have access to your app (for example, by extracting it from your mobile app bundle) can currently read and write any data.
We are actively working on a system to enable authorisation rules that works with our authentication and partial replication systems. However, this is not yet implemented.