> ## Documentation Index
> Fetch the complete documentation index at: https://cometchat-22654f5b-docs-rn-guide-message-privately.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.
# Authentication
> Log users into CometChat with the Android SDK using Auth Key for development or Auth Token for production.
```kotlin theme={null}
// Check if user is already logged in
val loggedInUser = CometChat.getLoggedInUser()
// Login with Auth Key (development only)
CometChat.login("UID", "AUTH_KEY", object : CometChat.CallbackListener() {
override fun onSuccess(user: User?) { }
override fun onError(e: CometChatException?) { }
})
// Login with Auth Token (production)
CometChat.login("AUTH_TOKEN", object : CometChat.CallbackListener() {
override fun onSuccess(user: User?) { }
override fun onError(e: CometChatException?) { }
})
// Logout
CometChat.logout(object : CometChat.CallbackListener() {
override fun onSuccess(p0: String?) { }
override fun onError(p0: CometChatException?) { }
})
```
**Required Credentials:** App ID (from init), Auth Key (dev) or Auth Token (prod)\
**Get from:** [CometChat Dashboard](https://app.cometchat.com) → Your App → API & Auth Keys
After [initializing](/sdk/android/setup) the SDK, the next step is to authenticate your user. CometChat provides two login methods — Auth Key for quick development, and Auth Token for production — both accessed through the `login()` method.
## Before You Log In
### Create a User
A user must exist in CometChat before they can log in.
* **During development:** Create users from the [CometChat Dashboard](https://app.cometchat.com). Five test users are already available with UIDs `cometchat-uid-1` through `cometchat-uid-5`.
* **In production:** Call the [Create User REST API](https://api-explorer.cometchat.com/reference/creates-user) when a user signs up in your app.
We have set up 5 users for testing with UIDs: `cometchat-uid-1`, `cometchat-uid-2`, `cometchat-uid-3`, `cometchat-uid-4`, and `cometchat-uid-5`.
### Check for an Existing Session
The SDK persists the logged-in user's session locally. Before calling `login()`, always check whether a session already exists — this avoids unnecessary login calls.
```java theme={null}
if (CometChat.getLoggedInUser() != null) {
// User is already logged in — proceed to your app
}
```
```kotlin theme={null}
if (CometChat.getLoggedInUser() != null) {
// User is already logged in — proceed to your app
}
```
If `getLoggedInUser()` returns `null`, no active session exists and you need to call `login()`.
`CometChat.init()` must be called before any other SDK method. Calling `login()`, `sendMessage()`, or registering listeners before `init()` will fail.
The CometChat SDK maintains the session of the logged-in user within the SDK. You do not need to call the login method for every session. Use `CometChat.getLoggedInUser()` to check for an existing session first.
## Login using Auth Key
This straightforward authentication method is ideal for proof-of-concept (POC) development or during the early stages of application development. For production environments, however, we strongly recommend using an [Auth Token](#login-using-auth-token) instead of an Auth Key to ensure enhanced security.
**Auth Key** is for development/testing only. In production, generate **Auth Tokens** on your server using the REST API and pass them to the client. Never expose Auth Keys in production client code.
```java theme={null}
private String UID = "cometchat-uid-1";
private String authKey = "AUTH_KEY";
if (CometChat.getLoggedInUser() == null) {
CometChat.login(UID, authKey, new CometChat.CallbackListener() {
@Override
public void onSuccess(User user) {
}
@Override
public void onError(CometChatException e) {
}
});
} else {
// user already logged-in perform your action
}
```
```kotlin theme={null}
val UID = "cometchat-uid-1"
val authKey = "AUTH_KEY"
if (CometChat.getLoggedInUser() == null) {
CometChat.login(UID, authKey, object : CometChat.CallbackListener() {
override fun onSuccess(user: User?) {}
override fun onError(e: CometChatException?) {}
})
} else {
// user already logged-in perform your action
}
```
| Parameter | Description |
| --------- | -------------------------------------------------- |
| `UID` | The `UID` of the user that you would like to login |
| `authKey` | CometChat App Auth Key |
After the user logs in, their information is returned in the `User` object.
## Login using Auth Token
This advanced authentication procedure does not use the Auth Key directly in your client code, ensuring better security.
1. [Create a User](https://api-explorer.cometchat.com/reference/creates-user) via the CometChat API when the user signs up in your app.
2. [Create an Auth Token](https://api-explorer.cometchat.com/reference/create-authtoken) via the CometChat API for the new user every time the user logs in to your app.
3. Pass the **Auth Token** to your client and use it in the `login()` method.
```java theme={null}
private String authToken = "AUTH_TOKEN";
CometChat.login(authToken, new CometChat.CallbackListener() {
@Override
public void onSuccess(User user) {
Log.d(TAG, "Login Successful : " + user.toString());
}
@Override
public void onError(CometChatException e) {
Log.d(TAG, "Login failed with exception: " + e.getMessage());
}
});
```
```kotlin theme={null}
val authToken:String="AUTH_TOKEN"
CometChat.login(authToken, object :CometChat.CallbackListener(){
override fun onSuccess(p0: User?) {
Log.d(TAG, "Login Successful : " + p0?.toString())
}
override fun onError(p0: CometChatException?) {
Log.d(TAG, "Login failed with exception: " + p0?.message)
}
})
```
| Parameter | Description |
| --------- | ---------------------------------------------- |
| authToken | Auth Token of the user you would like to login |
After the user logs in, their information is returned in the `User` object.
## Logout
You can use the `logout()` method to log out the user from CometChat. We suggest you call this method once your user has been successfully logged out from your app.
```java theme={null}
CometChat.logout(new CometChat.CallbackListener() {
@Override
public void onSuccess(String successMessage) {
Log.d(TAG, "Logout completed successfully");
}
@Override
public void onError(CometChatException e) {
Log.d(TAG, "Logout failed with exception: " + e.getMessage());
}
});
```
```kotlin theme={null}
CometChat.logout(object : CometChat.CallbackListener() {
override fun onSuccess(p0: String?) {
Log.d(TAG, "Logout completed successfully")
}
override fun onError(p0: CometChatException?) {
Log.d(TAG, "Logout failed with exception: " + p0?.message)
}
})
```
***
## Login Listener
You can listen for login and logout events in real time using `LoginListener`. This is useful for updating UI state or triggering side effects when the auth state changes.
| Callback | Description |
| ------------------------------------- | -------------------------------------------------------- |
| `loginSuccess(User user)` | User logged in successfully. Provides the `User` object. |
| `loginFailure(CometChatException e)` | Login failed. Provides the exception with the reason. |
| `logoutSuccess()` | User logged out successfully. |
| `logoutFailure(CometChatException e)` | Logout failed. Provides the exception with the reason. |
### Add a Listener
```java theme={null}
CometChat.addLoginListener("UNIQUE_ID", new CometChat.LoginListener() {
@Override
public void loginSuccess(User user) {
Log.d("LoginListener", "loginSuccess " + user.toString());
}
@Override
public void loginFailure(CometChatException e) {
Log.d("LoginListener", "loginFailure " + e.getMessage());
}
@Override
public void logoutSuccess() {
Log.d("LoginListener", "logoutSuccess");
}
@Override
public void logoutFailure(CometChatException e) {
Log.d("LoginListener", "logoutFailure " + e.getMessage());
}
});
```
```kotlin theme={null}
CometChat.addLoginListener("UNIQUE_ID", object : LoginListener() {
override fun loginSuccess(user: User) {
Log.d("LoginListener", "loginSuccess $user")
}
override fun loginFailure(e: CometChatException) {
Log.d("LoginListener", "loginFailure " + e.message)
}
override fun logoutSuccess() {
Log.d("LoginListener", "logoutSuccess")
}
override fun logoutFailure(e: CometChatException) {
Log.d("LoginListener", "logoutFailure " + e.message)
}
})
```
### Remove a Listener
```java theme={null}
CometChat.removeLoginListener("UNIQUE_ID");
```
```kotlin theme={null}
CometChat.removeLoginListener("UNIQUE_ID")
```
Always remove login listeners when they're no longer needed (e.g., in `onDestroy()`). Failing to remove listeners can cause memory leaks and duplicate event handling.
***
## Next Steps
Start sending text, media, and custom messages to users and groups
Retrieve and manage users in your application
Monitor the SDK connection state in real time
Understand core CometChat concepts and terminology