Quick Reference - Login with Auth Key (dev) or Auth Token (production):
// Auth Key login (development only)
const user = await CometChat.login("USER_UID", "AUTH_KEY");

// Auth Token login (recommended for production)
const user = await CometChat.login("AUTH_TOKEN");

// Check existing session
const loggedInUser = await CometChat.getLoggedinUser();

Create User

Before you log in a user, you must add the user to CometChat.
  1. For proof of concept/MVPs: Create the user using the CometChat Dashboard.
  2. For production apps: Use the CometChat Create User API to create the user when your user signs up in your app.
Sample Users: We have set up 5 users for testing with UIDs: cometchat-uid-1, cometchat-uid-2, cometchat-uid-3, cometchat-uid-4 and cometchat-uid-5.
Once initialization is successful, you will need to log the user into CometChat using the login() method. We recommend you call the CometChat login method once your user logs into your app. The login() method needs to be called only once.
The CometChat SDK maintains the session of the logged-in user within the SDK. Thus you do not need to call the login method for every session. You can use the CometChat.getLoggedinUser() method to check if there is any existing session in the SDK. This method should return the details of the logged-in user. If this method returns null, it implies there is no session present within the SDK and you need to log the user into CometChat.

Login using Auth Key

Security Warning: This straightforward authentication method is ideal for proof-of-concept (POC) development or during the early stages of application development. For production environments, we strongly recommend using an Auth Token instead of an Auth Key to ensure enhanced security.
var UID = "UID";
var authKey = "AUTH_KEY";

// Check if user is already logged in before calling login
CometChat.getLoggedinUser().then(
  (user) => {
    if (!user) {
      CometChat.login(UID, authKey).then(
        (user) => {
          console.log("Login Successful:", user);
        },
        (error) => {
          console.log("Login failed with exception:", error);
        }
      );
    }
  },
  (error) => {
    console.log("Something went wrong", error);
  }
);
Parameter | Description
UID | The UID of the user that you would like to log in
authKey | CometChat Auth Key

After the user logs in, their information is returned in the User object when the Promise resolves.
On Success, console.log("Login Successful:", user) returns:
Login Successful: {
  "hasBlockedMe": false,
  "blockedByMe": false,
  "deactivatedAt": 0,
  "uid": "cometchat-uid-2",
  "name": "George Alan",
  "authToken": "cometchat-uid-2_17713124898af10df254d51ef6ffc14e79955ac0",
  "avatar": "https://assets.cometchat.io/sampleapp/v2/users/cometchat-uid-2.webp",
  "lastActiveAt": 1771311515,
  "role": "default",
  "status": "online",
  "tags": []
}
On Failure, console.log("Login failed with exception:", error) returns:
Login failed with exception: {
  "code": "ERR_UID_NOT_FOUND",
  "name": "UID not found",
  "message": "The UID provided does not exist.",
  "details": {}
}

Login using Auth Token

This advanced authentication procedure does not use the Auth Key directly in your client code, which makes it the safer option: the client only ever handles an Auth Token created for a single user.
  1. Create a User: Create a User via the CometChat API when the user signs up in your app.
  2. Create an Auth Token: Create an Auth Token via the CometChat API for the new user and save the token in your database.
  3. Login with the token: Load the Auth Token in your client and pass it to the login() method.
var authToken = "AUTH_TOKEN";

// Check if user is already logged in before calling login
CometChat.getLoggedinUser().then(
  (user) => {
    if (!user) {
      CometChat.login(authToken).then(
        (user) => {
          console.log("Login Successful:", user);
        },
        (error) => {
          console.log("Login failed with exception:", error);
        }
      );
    }
  },
  (error) => {
    console.log("Something went wrong", error);
  }
);
Parameter | Description
authToken | Auth Token of the user you would like to log in

After the user logs in, their information is returned in the User object when the Promise resolves.
On Success, console.log("Login Successful:", user) returns:
Login Successful: {
  "hasBlockedMe": false,
  "blockedByMe": false,
  "deactivatedAt": 0,
  "uid": "cometchat-uid-2",
  "name": "George Alan",
  "authToken": "cometchat-uid-2_17713124898af10df254d51ef6ffc14e79955ac0",
  "avatar": "https://assets.cometchat.io/sampleapp/v2/users/cometchat-uid-2.webp",
  "lastActiveAt": 1771311515,
  "role": "default",
  "status": "online",
  "tags": []
}
On Failure, console.log("Login failed with exception:", error) returns:
Login failed with exception: {
  "code": "ERR_AUTH_TOKEN_NOT_FOUND",
  "name": "Auth token not found",
  "message": "The Auth Token provided is invalid or expired.",
  "details": {}
}

Logout

You can use the logout() method to log out the user from CometChat. We suggest you call this method once your user has been successfully logged out from your app.
CometChat.logout().then(
  () => {
    console.log("Logout completed successfully");
  },
  (error) => {
    console.log("Logout failed with exception:", error);
  }
);
On Success, console.log("Logout completed successfully") returns:
Logout completed successfully
On Failure, console.log("Logout failed with exception:", error) returns:
Logout failed with exception: {
  "code": "ERR_NOT_LOGGED_IN",
  "name": "Not logged in",
  "message": "No user is currently logged in.",
  "details": {}
}
  • Always check for an existing session with getLoggedinUser() before calling login()
  • Use Auth Token (not Auth Key) in production environments
  • Generate Auth Tokens server-side and never expose your REST API Key in client code
  • Call logout() when the user logs out of your app to clean up the CometChat session
  • Handle login errors gracefully and provide user-friendly error messages
  • Login fails with “UID not found”: Ensure the user has been created in CometChat before attempting login
  • Auth Token expired: Generate a new Auth Token from your server and retry login
  • Session persists after logout: Ensure logout() completes successfully before redirecting
  • Multiple login calls: Use getLoggedinUser() to prevent redundant login attempts
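
The session check, Auth Token login, expired-token retry and duplicate-call advice above, combined in one client-side helper. This is an added example, not CometChat's code: createChatSession, redactUser, makeFakeChat and fetchAuthToken are hypothetical names, and the fake SDK object is constructed so the block runs offline.

```javascript
// Added example, not CometChat code. `chat` is any object exposing
// getLoggedinUser() and login(authToken), such as the SDK; `fetchAuthToken`
// is a hypothetical call to your backend, which keeps the REST API Key.
function createChatSession(chat, fetchAuthToken) {
  let inFlight = null; // shared by concurrent callers so login runs once

  async function loginWithToken(retriesLeft) {
    const token = await fetchAuthToken();
    try {
      return await chat.login(token);
    } catch (err) {
      // Invalid or expired token: request a new one from the server, once.
      if (err && err.code === "ERR_AUTH_TOKEN_NOT_FOUND" && retriesLeft > 0) {
        return loginWithToken(retriesLeft - 1);
      }
      throw err;
    }
  }

  function ensureLoggedIn() {
    if (!inFlight) {
      inFlight = (async () =>
        (await chat.getLoggedinUser()) || (await loginWithToken(1))
      )().finally(() => { inFlight = null; });
    }
    return inFlight;
  }
  return { ensureLoggedIn };
}

// Copy of the user object that is safe to log: the authToken field is a
// credential and is dropped. Assumes fields are plain own properties.
function redactUser({ authToken, ...safe }) {
  return safe;
}

// Constructed stand-in for the SDK so the example runs offline; it rejects
// the literal "expired-token" the way the page's failure output does.
function makeFakeChat() {
  const state = { session: null, loginCalls: 0 };
  return {
    state,
    getLoggedinUser: async () => state.session,
    login: async (token) => {
      state.loginCalls += 1;
      if (token === "expired-token") throw { code: "ERR_AUTH_TOKEN_NOT_FOUND" };
      state.session = { uid: "cometchat-uid-2", authToken: token };
      return state.session;
    },
  };
}
```

In an app, pass the real CometChat object as chat and log redactUser(user) rather than the full user object, since the login response shown above includes authToken.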
