Save the date for Firebase Demo Day 2024. Learn how to build and run modern, AI-powered apps users love. Learn more.

Authenticate with Firebase using Password-Based Accounts on Flutter

You can use Firebase Authentication to let your users authenticate with Firebase using email addresses and passwords.

Before you begin

If you haven't already, follow the steps in the Get started guide.
Enable Email/Password sign-in:
- In the Firebase console's Authentication section, open the Sign in method page.
- From the Sign in method page, enable the Email/password sign-in method and click Save.

Create a password-based account

To create a new user account with a password, call the createUserWithEmailAndPassword() method:

try {
  final credential = await FirebaseAuth.instance.createUserWithEmailAndPassword(
    email: emailAddress,
    password: password,
  );
} on FirebaseAuthException catch (e) {
  if (e.code == 'weak-password') {
    print('The password provided is too weak.');
  } else if (e.code == 'email-already-in-use') {
    print('The account already exists for that email.');
  }
} catch (e) {
  print(e);
}

Typically, you would do this from your app's sign-up screen. When a new user signs up using your app's sign-up form, complete any new account validation steps that your app requires, such as verifying that the new account's password was correctly typed and meets your complexity requirements.

If the new account was created successfully, the user is also signed in. If you are listening to changes in authentication state, a new event will be sent to your listeners.

As a follow-up to creating a new account, you can Verify the user's email address.

Sign in a user with an email address and password

The steps for signing in a user with a password are similar to the steps for creating a new account. From your your app's sign-in screen, call signInWithEmailAndPassword():

try {
  final credential = await FirebaseAuth.instance.signInWithEmailAndPassword(
    email: emailAddress,
    password: password
  );
} on FirebaseAuthException catch (e) {
  if (e.code == 'user-not-found') {
    print('No user found for that email.');
  } else if (e.code == 'wrong-password') {
    print('Wrong password provided for that user.');
  }
}

Next steps

After a user creates a new account, this account is stored as part of your Firebase project, and can be used to identify a user across every app in your project, regardless of what sign-in method the user used.

In your apps, you can get the user's basic profile information from the User object. See Manage Users.

In your Firebase Realtime Database and Cloud Storage Security Rules, you can get the signed-in user's unique user ID from the auth variable, and use it to control what data a user can access.

You can allow users to sign in to your app using multiple authentication providers by linking auth provider credentials) to an existing user account.

To sign out a user, call signOut():

await FirebaseAuth.instance.signOut();