Share Lightning Out Apps with Unauthenticated Users
ltng:allowGuestAccess interface to your standalone Aura dependency app to make it available to users without requiring them to authenticate with Salesforce. This interface lets you build your app with Lightning web components, and deploy it anywhere and to anyone.
If a user is authenticated with the Lightning Out endpoint, you must set the session in
$Lightning.use(). Even though we’re talking about unauthenticated users, it’s important to understand the requirements if a user is authenticated.
You can add a standalone Aura dependency app with the
ltng:allowGuestAccess interface to a Visualforce page, and you can use it with a Lightning Out app hosted outside Salesforce.
- Using Lightning Web Components for Visualforce, you can add your dependency app to a Visualforce page, and then use that page in Salesforce Tabs + Visualforce sites. Then you can allow public access to that page.
- Using Lightning Out, you can deploy your dependency app anywhere Lightning Out is supported—which is almost anywhere!
ltng:allowGuestAccess interface is only usable in orgs that have Digital Experiences enabled, and your Lightning Out app is associated with all site endpoints that you’ve defined in your org.
When you make a dependency app accessible to guest users by adding the
ltng:allowGuestAccess interface, it’s available through every Experience Cloud site in your org, whether that site is enabled for public access or not. You can’t prevent it from being accessible via site URLs, and you can’t make it available for some sites but not others.
Be extremely careful about apps you open for guest access. Apps enabled for guest access bypass the object- and field-level security (FLS) you set for your site’s guest user profile. Components don’t automatically enforce CRUD and FLS in an Apex method when you reference or retrieve objects. The framework continues to display records and fields for which users don’t have CRUD access and FLS visibility. A mistake in code used in an app enabled for guest access can open your org’s data to the world.
ltng:allowGuestAccess interface to your standalone Aura dependency app.
You can only add the
ltng:allowGuestAccess interface to dependency apps, not to individual components.
With Lightning Web Components for Visualforce, simply add the
<apex:includeLightning />tag anywhere on your page.
With Lightning Out, add a
<script>tag that references the library directly, using a site endpoint URL.
https://YOURSITEDOMAIN/SITEURL, as shown by
https://universalcontainers.force.com/ourstores/ in this example.