Federated identity & social sign-in

Social authentication is a multi-step authentication flow, allowing you to sign a user into an account or link them with an existing one.

Both native platforms and web support creating a credential which can then be passed to the signInWithCredential or linkWithCredential methods. Alternatively on web platforms, you can trigger the authentication process via a popup or redirect.

Google

Most configuration is already setup when using Google Sign-In with Firebase, however you need to ensure your machine's SHA1 key has been configured for use with Android. You can see how to generate the key in the authentication documentation.

Ensure the "Google" sign-in provider is enabled on the Firebase Console.

If your user signs in with Google, after having already manually registered an account, their authentication provider will automatically change to Google, due to Firebase Authentications concept of trusted providers. You can find out more about this here.

iOS+ and Android

On native platforms, a 3rd party library is required to trigger the authentication flow.

Install the official google_sign_in plugin.

Once installed, trigger the sign-in flow and create a new credential:

import 'package:google_sign_in/google_sign_in.dart';

Future<UserCredential> signInWithGoogle() async {
  // Trigger the authentication flow
  final GoogleSignInAccount? googleUser = await GoogleSignIn().signIn();

  // Obtain the auth details from the request
  final GoogleSignInAuthentication? googleAuth = await googleUser?.authentication;

  // Create a new credential
  final credential = GoogleAuthProvider.credential(
    accessToken: googleAuth?.accessToken,
    idToken: googleAuth?.idToken,
  );

  // Once signed in, return the UserCredential
  return await FirebaseAuth.instance.signInWithCredential(credential);
}

Web

On the web, the Firebase SDK provides support for automatically handling the authentication flow using your Firebase project. For example:

Create a Google auth provider, providing any additional permission scope you wish to obtain from the user:

GoogleAuthProvider googleProvider = GoogleAuthProvider();

googleProvider.addScope('https://www.googleapis.com/auth/contacts.readonly');
googleProvider.setCustomParameters({
  'login_hint': 'user@example.com'
});

Provide the credential to the signInWithPopup method. This will trigger a new window to appear prompting the user to sign-in to your project. Alternatively you can use signInWithRedirect to keep the authentication process in the same window.

Future<UserCredential> signInWithGoogle() async {
  // Create a new provider
  GoogleAuthProvider googleProvider = GoogleAuthProvider();

  googleProvider.addScope('https://www.googleapis.com/auth/contacts.readonly');
  googleProvider.setCustomParameters({
    'login_hint': 'user@example.com'
  });

  // Once signed in, return the UserCredential
  return await FirebaseAuth.instance.signInWithPopup(googleProvider);

  // Or use signInWithRedirect
  // return await FirebaseAuth.instance.signInWithRedirect(googleProvider);
}

Google Play Games (Android only)

Ensure the "Play Games" sign-in provider is enabled on the Firebase Console. Follow these instructions for Play Games Firebase project set-up.

Follow these instructions for configuring Play Games services with your Firebase app.

Android

Future<void> _signInWithPlayGames() async {
  // Get server auth code from 3rd party provider
  // See PR description for details on how you might get the server auth code:
  // https://github.com/firebase/flutterfire/pull/12201#issue-2100392487
  final serverAuthCode = '...';
  final playGamesCredential = PlayGamesAuthProvider.credential(
                                          serverAuthCode: serverAuthCode);

  await FirebaseAuth.instance
    .signInWithCredential(playGamesCredential);
}

Facebook

Before getting started setup your Facebook Developer App and follow the setup process to enable Facebook Login.

Ensure the "Facebook" sign-in provider is enabled on the Firebase Console. with the Facebook App ID and Secret set.

iOS+ and Android

On native platforms, a 3rd party library is required to both install the Facebook SDK and trigger the authentication flow.

Install the flutter_facebook_auth plugin.

You will need to follow the steps in the plugin documentation to ensure that both the Android & iOS Facebook SDKs have been initialized correctly. Once complete, trigger the sign-in flow, create a Facebook credential and sign the user in:

import 'package:flutter_facebook_auth/flutter_facebook_auth.dart';

Future<UserCredential> signInWithFacebook() async {
  // Trigger the sign-in flow
  final LoginResult loginResult = await FacebookAuth.instance.login();

  // Create a credential from the access token
  final OAuthCredential facebookAuthCredential = FacebookAuthProvider.credential(loginResult.accessToken.token);

  // Once signed in, return the UserCredential
  return FirebaseAuth.instance.signInWithCredential(facebookAuthCredential);
}

Web

On the web, the Firebase SDK provides support for automatically handling the authentication flow using the Facebook application details provided on the Firebase console. For example:

Create a Facebook provider, providing any additional permission scope you wish to obtain from the user.

Ensure that the OAuth redirect URI from the Firebase console is added as a valid OAuth Redirect URI in your Facebook App.

FacebookAuthProvider facebookProvider = FacebookAuthProvider();

facebookProvider.addScope('email');
facebookProvider.setCustomParameters({
  'display': 'popup',
});

Provide the credential to the signInWithPopup method. This will trigger a new window to appear prompting the user to sign-in to your Facebook application:

Future<UserCredential> signInWithFacebook() async {
  // Create a new provider
  FacebookAuthProvider facebookProvider = FacebookAuthProvider();

  facebookProvider.addScope('email');
  facebookProvider.setCustomParameters({
    'display': 'popup',
  });

  // Once signed in, return the UserCredential
  return await FirebaseAuth.instance.signInWithPopup(facebookProvider);

  // Or use signInWithRedirect
  // return await FirebaseAuth.instance.signInWithRedirect(facebookProvider);
}

Apple

iOS+

Before you begin, configure Sign In with Apple and enable Apple as a sign-in provider.

Next, make sure that your Runner apps have the "Sign in with Apple" capability.

Android

Before you begin, configure Sign In with Apple and enable Apple as a sign-in provider.

Web

Before you begin, configure Sign In with Apple and enable Apple as a sign-in provider.

import 'package:firebase_auth/firebase_auth.dart';

Future<UserCredential> signInWithApple() async {
  final appleProvider = AppleAuthProvider();
  if (kIsWeb) {
    await FirebaseAuth.instance.signInWithPopup(appleProvider);
  } else {
    await FirebaseAuth.instance.signInWithProvider(appleProvider);
  }
}

Apple platform sign-in only

Apple sign-in on iOS+ platforms can also be achieved with the following method:

// Implement a function that generates a nonce. See iOS documentation for how to create a nonce:
// https://firebase.google.com/docs/auth/ios/apple#sign_in_with_apple_and_authenticate_with_firebase
String rawNonce = createNonce();
// Create a SHA-256 hash of the nonce. Consider using the `crypto` package from the pub.dev registry.
String hashSHA256String = createHashSHA256String(rawNonce);
// Use the hash of the nonce to get the idToken. Consider using the `sign_in_with_apple` plugin from the pub.dev registry.
String idToken = await getIdToken();

final fullName = AppleFullPersonName(
  familyName: 'Name',
  givenName: 'Your',
);
// Use the `rawNonce` and `idToken` to get the credential
final credential = AppleAuthProvider.credentialWithIDToken(
  idToken,
  rawNonce,
  fullName,
);

await FirebaseAuth.instance.signInWithCredential(credential);

Revoke Apple auth tokens

Apple sign-in on Apple platforms returns an authorization code that can be used to revoke the Apple auth token using the revokeTokenWithAuthorizationCode() API.

import 'package:firebase_auth/firebase_auth.dart';

Future<UserCredential> signInWithApple() async {
  final appleProvider = AppleAuthProvider();

  UserCredential userCredential = await FirebaseAuth.instance.signInWithPopup(appleProvider);
  // Keep the authorization code returned from Apple platforms
  String? authCode = userCredential.additionalUserInfo?.authorizationCode;
  // Revoke Apple auth token
  await FirebaseAuth.instance.revokeTokenWithAuthorizationCode(authCode!);
}

Apple Game Center (Apple only)

Ensure the "Game Center" sign-in provider is enabled on the Firebase Console. Follow these instructions for Game Center Firebase project set-up.

You will need to login with Game Center before a Firebase Game Center credential can be issued and logged in via Firebase. Here are some instructions on how that can be achieved.

iOS+

Future<void> _signInWithGameCenter() async {
  final credential = GameCenterAuthProvider.credential();
  await FirebaseAuth.instance
      .signInWithCredential(credential);
}

Microsoft

iOS+

Before you begin configure Microsoft Login for iOS and add the custom URL schemes to your Runner (step 1).

Android

Before you begin configure Microsoft Login for Android.

Don't forget to add your app's SHA-1 fingerprint.

Web

Before you begin configure Microsoft Login for Web.

import 'package:firebase_auth/firebase_auth.dart';

Future<UserCredential> signInWithMicrosoft() async {
  final microsoftProvider = MicrosoftAuthProvider();
  if (kIsWeb) {
    await FirebaseAuth.instance.signInWithPopup(microsoftProvider);
  } else {
    await FirebaseAuth.instance.signInWithProvider(microsoftProvider);
  }
}

Twitter

Ensure the "Twitter" sign-in provider is enabled on the Firebase Console with an API Key and API Secret set. Ensure your Firebase OAuth redirect URI (e.g. my-app-12345.firebaseapp.com/__/auth/handler) is set as your Authorization callback URL in your app's settings page on your Twitter app's config.

You also might need to request elevated API access depending on your app.

iOS+

You need to configure your custom URL scheme as described in iOS guide step 1.

Android

If you haven't yet specified your app's SHA-1 fingerprint, do so from the Settings page of the Firebase console. Refer to Authenticating Your Client for details on how to get your app's SHA-1 fingerprint.

Web

Works out of the box.

import 'package:firebase_auth/firebase_auth.dart';

Future<void> _signInWithTwitter() async {
  TwitterAuthProvider twitterProvider = TwitterAuthProvider();

  if (kIsWeb) {
    await FirebaseAuth.instance.signInWithPopup(twitterProvider);
  } else {
    await FirebaseAuth.instance.signInWithProvider(twitterProvider);
  }
}

GitHub

Ensure that you have setup an OAuth App from your GitHub Developer Settings and that the "GitHub" sign-in provider is enabled on the Firebase Console with the Client ID and Secret are set, with the callback URL set in the GitHub app.

iOS+ and Android

For native platforms, you need to add the google-services.json and GoogleService-Info.plist.

For iOS, add the custom URL scheme as described on the iOS guide step 1.

Future<UserCredential> signInWithGitHub() async {
  // Create a new provider
  GithubAuthProvider githubProvider = GithubAuthProvider();

  return await FirebaseAuth.instance.signInWithProvider(githubProvider);
}

Web

On the web, the GitHub SDK provides support for automatically handling the authentication flow using the GitHub application details provided on the Firebase console. Ensure that the callback URL in the Firebase console is added as a callback URL in your GitHub application on the developer console.

For example:

Create a GitHub provider and provide the credential to the signInWithPopup method. This will trigger a new window to appear prompting the user to sign-in to your GitHub application:

Future<UserCredential> signInWithGitHub() async {
  // Create a new provider
  GithubAuthProvider githubProvider = GithubAuthProvider();

  // Once signed in, return the UserCredential
  return await FirebaseAuth.instance.signInWithPopup(githubProvider);

  // Or use signInWithRedirect
  // return await FirebaseAuth.instance.signInWithRedirect(githubProvider);
}

Yahoo

Ensure the "Yahoo" sign-in provider is enabled on the Firebase Console with an API Key and API Secret set. Also make sure your Firebase OAuth redirect URI (e.g. my-app-12345.firebaseapp.com/__/auth/handler) is set as a redirect URI in your app's Yahoo Developer Network configuration.

iOS+

Before you begin, configure Yahoo Login for iOS and add the custom URL schemes to your Runner (step 1).

Android

Before you begin, configure Yahoo Login for Android.

Don't forget to add your app's SHA-1 fingerprint.

Web

Works out of the box.

import 'package:firebase_auth/firebase_auth.dart';

Future<UserCredential> signInWithYahoo() async {
  final yahooProvider = YahooAuthProvider();
  if (kIsWeb) {
    await _auth.signInWithPopup(yahooProvider);
  } else {
    await _auth.signInWithProvider(yahooProvider);
  }
}

Using the OAuth access token

By using an AuthProvider, you can retrieve the access token associated with the provider by making the following request.

final appleProvider = AppleAuthProvider();

final user = await FirebaseAuth.instance.signInWithProvider(appleProvider);
final accessToken = user.credential?.accessToken;

// You can send requests with the `accessToken`

Linking an Authentication Provider

If you want to link a provider to a current user, you can use the following method: ```dart await FirebaseAuth.instance.signInAnonymously();

final appleProvider = AppleAuthProvider();

if (kIsWeb) { await FirebaseAuth.instance.currentUser?.linkWithPopup(appleProvider);

// You can also use linkWithRedirect } else { await FirebaseAuth.instance.currentUser?.linkWithProvider(appleProvider); }

// You're anonymous user is now upgraded to be able to connect with Sign In With Apple ```

Reauthenticate with provider

The same pattern can be used with reauthenticateWithProvider which can be used to retrieve fresh credentials for sensitive operations that require recent login.

final appleProvider = AppleAuthProvider();

if (kIsWeb) {
  await FirebaseAuth.instance.currentUser?.reauthenticateWithPopup(appleProvider);

  // Or you can reauthenticate with a redirection
  // await FirebaseAuth.instance.currentUser?.reauthenticateWithRedirect(appleProvider);
} else {
  await FirebaseAuth.instance.currentUser?.reauthenticateWithProvider(appleProvider);
}

// You can now perform sensitive operations