DEV Community

陈杨

HarmonyOS-User-Authentication-Guide

Hey folks! Today, let's talk about some crucial user authentication operations in HarmonyOS app development, especially functions like signing out, deleting accounts, and re-authentication that can sometimes be confusing. Grab your snacks and drinks, let's dive in!


1. An Elegant Way to Sign Out Users

When a user wants to switch accounts or leave your app, you can't just close it abruptly. Try this super useful signOut() method:

import { auth } from '@kit/accountIdKit';

// Call this when the sign-out button is tapped
auth.signOut()
  .then(() => {
    console.log("Goodbye! Local cache cleared.");
    // You can navigate to the login page here
  })
  .catch((error) => {
    console.log("Oops, sign-out failed", error);
    // Show a toast to prompt the user to check their network connection
  });

Key Points:

  • It automatically clears the token and user information after sign-out.
  • Calling it when the user is not signed in will result in an error (remember to check the login status first).
  • Operations requiring a token, like Cloud DB access, will become invalid immediately.

2. The Serious Business of Account Deletion

⚠️ This operation is like "deleting your account and running away," so make sure to have a confirmation step in your UI! Here's the core code:

auth.deleteUser()
  .then(() => {
    console.log("Account has been wiped from existence.");
    // Clear local data + navigate to the welcome page
  })
  .catch((error) => {
    if (error.code === 2022) { // Error code that requires re-authentication
      this.reAuthAndDelete(); // Trigger the re-authentication flow
    } else {
      console.log("Account deletion failed", error); // Don't swallow other failures silently
    }
  });

A Realistic Scenario:

  1. User taps the "Delete Account" button.
  2. A modal pops up saying, "Are you sure you want to leave us? QAQ"
  3. User confirms, triggering the deletion.
  4. If the account has a history of sensitive operations, it might require password re-entry for verification.

3. Re-authentication for Critical Moments

When a user performs a sensitive action (like changing a payment password), the system might suddenly require them to sign in again. This is where you use reauthenticate:

// Example with password verification
auth.reauthenticate({
  credential: {
    authType: auth.AuthType.PASSWORD,
    password: "user_entered_password" // Remember to handle encryption!
  }
}).then(() => {
  console.log("Identity verified. Proceed with your operation.");
}).catch((error) => {
  console.log("Authentication failed", error); 
  // Show the reason for failure, e.g., too many incorrect password attempts
});

Multiple Authentication Methods Supported:

  • Phone verification code
  • Email verification
  • Third-party accounts (WeChat, QQ, etc.)
  • Biometrics (fingerprint/face)
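
The deletion flow from section 2 combined with the re-authentication call from section 3, as an added example in plain TypeScript that is not code from the original post or the HarmonyOS SDK. It re-authenticates once on error 2022, retries the deletion once, and clears local data only after deletion succeeds. `AuthLike`, `FakeAuth`, `promptCredential` and `clearLocalData` are hypothetical names, and the fake models only the `deleteUser()` and `reauthenticate()` calls shown above so the flow runs offline.

```typescript
// Added example: AuthLike and FakeAuth are hypothetical stand-ins that model only
// deleteUser(), reauthenticate() and error code 2022 as described in the article.
const REAUTH_REQUIRED = 2022;

interface Credential { authType: string; password: string }
interface AuthLike {
  deleteUser(): Promise<void>;
  reauthenticate(req: { credential: Credential }): Promise<void>;
}

function errorCode(e: unknown): number | undefined {
  if (typeof e !== "object" || e === null || !("code" in e)) return undefined;
  return Number((e as { code: unknown }).code);
}

// Delete the account. On 2022, re-authenticate once and retry once; never loop.
async function deleteWithReauth(
  auth: AuthLike,
  promptCredential: () => Promise<Credential>, // hypothetical UI hook
  clearLocalData: () => void,                  // hypothetical cleanup hook
): Promise<"deleted" | "reauth-failed"> {
  try {
    await auth.deleteUser();
  } catch (e) {
    if (errorCode(e) !== REAUTH_REQUIRED) throw e; // surface other failures
    try {
      await auth.reauthenticate({ credential: await promptCredential() });
    } catch {
      return "reauth-failed"; // account and local data stay untouched
    }
    await auth.deleteUser(); // single retry; a second failure reaches the caller
  }
  clearLocalData(); // wipe local state only after deletion is confirmed
  return "deleted";
}

// Constructed in-memory account that demands a fresh login before deletion.
class FakeAuth implements AuthLike {
  fresh = false; deleted = false;
  password: string;
  constructor(password: string) { this.password = password; }
  async deleteUser(): Promise<void> {
    if (!this.fresh) throw Object.assign(new Error("re-authentication required"), { code: REAUTH_REQUIRED });
    this.deleted = true;
  }
  async reauthenticate(req: { credential: Credential }): Promise<void> {
    if (req.credential.password !== this.password) throw Object.assign(new Error("bad password"), { code: -1 }); // constructed code
    this.fresh = true;
  }
}
```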

4. Practical Pitfall Guide

Don't panic when you run into issues. Try these common solutions:

Q1: Why can I still get user info after calling signOut()?

  • Check if there are multiple caches that haven't been cleared.
  • Wait for the async operation to complete before navigating (try adding a setTimeout).

Q2: How should user data be handled after account deletion?

  • Inform users in advance that their cloud data will be deleted.
  • Retain important data for a 7-day transition period (as required by law).

Q3: Re-authentication always returns error 2022?

  • Check the network connection status.
  • Confirm if the credential has expired (e.g., the validity period of an SMS code).
  • Call auth.getCurrentUser() to check the current user's status.

Q4: How to design a user-friendly authentication flow?

  • Provide clear error messages (don't just say "Operation failed").
  • Offer alternative verification methods.
  • Implement humane account locking after repeated errors (don't ban them forever).

5. A Heart-to-Heart

Honestly, the most challenging part of the authentication module isn't the code, but handling all the edge cases. I recommend that you:

  1. Wrap sensitive operations in try-catch blocks.
  2. Add timeout handling to all network requests.
  3. Keep local logs of critical operations (for easier debugging).
  4. Always test biometrics on a real device!

Finally, here's our "lifesaver kit":

  • Official Troubleshooting Guide: Click here
  • Error Code Quick Reference: Teleport
  • Developer Community Entrance: Poke me

Don't panic if you get stuck, feel free to drop a comment and chat with us anytime. Happy coding, fewer bugs, and more slacking off! (Just kidding... or am I?)

【Class dismissed!】🚀
