Share Lightning Apps with Non-Authenticated Users

Add the ltng:allowGuestAccess interface to your Lightning Out dependency app to make it available to users without requiring them to authenticate with Salesforce. This interface lets you build your app with Lightning components, and deploy it anywhere and to anyone.
A Lightning Out dependency app with the ltng:allowGuestAccess interface can be used with Lightning Components for Visualforce and with Lightning Out.
  • Using Lightning Components for Visualforce, you can add your Lightning app to a Visualforce page, and then use that page in Salesforce Tabs + Visualforce communities. Then you can allow public access to that page.
  • Using Lightning Out, you can deploy your Lightning app anywhere Lightning Out is supported—which is almost anywhere!

The ltng:allowGuestAccess interface is only usable in orgs that have Communities enabled, and your Lightning Out app is associated with all community endpoints that you’ve defined in your org.

Important

Important

When you make a Lightning app accessible to guest users by adding the ltng:allowGuestAccess interface, it’s available through every community in your org, whether that community is enabled for public access or not. You can’t prevent it from being accessible via community URLs, and you can’t make it available for some communities but not others.

Warning

Warning

Be extremely careful about apps you open for guest access. Apps enabled for guest access bypass the object- and field-level security (FLS) you set for your community’s guest user profile. Lightning components don’t automatically enforce CRUD and FLS when you reference objects or retrieve the objects from an Apex controller. This means that the framework continues to display records and fields for which users don’t have CRUD access and FLS visibility. You must manually enforce CRUD and FLS in your Apex controllers. A mistake in code used in an app enabled for guest access can open your org’s data to the world.

Usage

To begin with, add the ltng:allowGuestAccess interface to your Lightning Out dependency app. For example:
<aura:application access="GLOBAL" extends="ltng:outApp" 
    implements="ltng:allowGuestAccess"> 

    <aura:dependency resource="c:storeLocatorMain"/>

</aura:application>
Note

Note

You can only add the ltng:allowGuestAccess interface to Lightning apps, not to individual components.

Next, add the Lightning Out JavaScript library to your page.
  • With Lightning Components for Visualforce, simply add the <apex:includeLightning /> tag anywhere on your page.
  • With Lightning Out, add a <script> tag that references the library directly, using a community endpoint URL. For example:
    <script src="https://yourCommunityDomain/communityURL/lightning/lightning.out.js"></script>

    For example, https://universalcontainers.force.com/ourstores/lightning/lightning.out.js

Finally, add the JavaScript code to load and activate your Lightning app. This code is standard Lightning Out, with the important addition that you must use one of your org’s community URLs for the endpoint. The endpoint URL takes the form https://yourCommunityDomain/communityURL/. The relevant line is emphasized in the following sample.

<script>
    $Lightning.use("c:locatorApp",    // name of the Lightning app
        function() {                  // Callback once framework and app loaded
            $Lightning.createComponent(
                "c:storeLocatorMain", // top-level component of your app
                { },                  // attributes to set on the component when created
                "lightningLocator",   // the DOM location to insert the component
                function(cmp) {
                    // callback when component is created and active on the page
                }
            );
        },
        'https://universalcontainers.force.com/ourstores/'  // Community endpoint
    );
</script>