Skip to main content

Get Started with Firebase Authentication on Flutter

Notice

This page is archived and might not reflect the latest version of the FlutterFire plugins. You can find the latest information on firebase.google.com:

https://firebase.google.com/docs/auth/flutter/start

Connect your app to Firebase#

Install and initialize the Firebase SDKs for Flutter if you haven't already done so.

Add Firebase Authentication to your app#

  1. From the root of your Flutter project, run the following command to install the plugin:

    flutter pub add firebase_auth
  2. Once complete, rebuild your Flutter application:

    flutter run
  3. Import the plugin in your Dart code:

    import 'package:firebase_auth/firebase_auth.dart';

To use an authentication provider, you need to enable it in the Firebase console. Go to the Sign-in Method page in the Firebase Authentication section to enable Email/Password sign-in and any other identity providers you want for your app.

(Optional) Prototype and test with Firebase Local Emulator Suite#

Before talking about how your app authenticates users, let's introduce a set of tools you can use to prototype and test Authentication functionality: Firebase Local Emulator Suite. If you're deciding among authentication techniques and providers, trying out different data models with public and private data using Authentication and Firebase Security Rules, or prototyping sign-in UI designs, being able to work locally without deploying live services can be a great idea.

An Authentication emulator is part of the Local Emulator Suite, which enables your app to interact with emulated database content and config, as well as optionally your emulated project resources (functions, other databases, and security rules).

Using the Authentication emulator involves just a few steps:

  1. Adding a line of code to your app's test config to connect to the emulator.

  2. From the root of your local project directory, running firebase emulators:start.

  3. Using the Local Emulator Suite UI for interactive prototyping, or the Authentication emulator REST API for non-interactive testing.

  4. Call useAuthEmulator() to specify the emulator address and port:

    Future<void> main() async {
    WidgetsFlutterBinding.ensureInitialized();
    await Firebase.initializeApp();
    // Ideal time to initialize
    await FirebaseAuth.instance.useAuthEmulator('localhost', 9099);
    //...
    }

A detailed guide is available at Connect your app to the Authentication emulator. For more information, see the Local Emulator Suite introduction.

Now let's continue with how to authenticate users.

Check current auth state#

Firebase Auth provides many methods and utilities for enabling you to integrate secure authentication into your new or existing Flutter application. In many cases, you will need to know about the authentication state of your user, such as whether they're logged in or logged out.

Firebase Auth enables you to subscribe in realtime to this state via a Stream. Once called, the stream provides an immediate event of the user's current authentication state, and then provides subsequent events whenever the authentication state changes.

There are three methods for listening to authentication state changes:

authStateChanges()#

To subscribe to these changes, call the authStateChanges() method on your FirebaseAuth instance:

FirebaseAuth.instance
.authStateChanges()
.listen((User? user) {
if (user == null) {
print('User is currently signed out!');
} else {
print('User is signed in!');
}
});

Events are fired when the following occurs:

  • Right after the listener has been registered.
  • When a user is signed in.
  • When the current user is signed out.

idTokenChanges()#

To subscribe to these changes, call the idTokenChanges() method on your FirebaseAuth instance:

FirebaseAuth.instance
.idTokenChanges()
.listen((User? user) {
if (user == null) {
print('User is currently signed out!');
} else {
print('User is signed in!');
}
});

Events are fired when the following occurs:

  • Right after the listener has been registered.
  • When a user is signed in.
  • When the current user is signed out.
  • When there is a change in the current user's token.
note

If you set custom claims using the Firebase Admin SDK, you will only see this event fire when the following occurs:

  • A user signs in or re-authenticates after the custom claims are modified. The ID token issued as a result will contain the latest claims.
  • An existing user session gets its ID token refreshed after an older token expires.
  • An ID token is force refreshed by calling FirebaseAuth.instance.currentUser.getIdTokenResult(true).

For further details, see Propagating custom claims to the client

userChanges()#

To subscribe to these changes, call the userChanges() method on your FirebaseAuth instance:

FirebaseAuth.instance
.userChanges()
.listen((User? user) {
if (user == null) {
print('User is currently signed out!');
} else {
print('User is signed in!');
}
});

Events are fired when the following occurs:

  • Right after the listener has been registered.
  • When a user is signed in.
  • When the current user is signed out.
  • When there is a change in the current user's token.
  • When the following methods provided by FirebaseAuth.instance.currentUser are called:
    • reload()
    • unlink()
    • updateEmail()
    • updatePassword()
    • updatePhoneNumber()
    • updateProfile()
note

idTokenChanges(), userChanges() & authStateChanges() will not fire if you update the User profile with the Firebase Admin SDK. You will have to force a reload using FirebaseAuth.instance.currentUser.reload() to retrieve the latest User profile.

idTokenChanges(), userChanges() & authStateChanges() will also not fire if you disable or delete the User with the Firebase Admin SDK or the Firebase console. You will have to force a reload using FirebaseAuth.instance.currentUser.reload(), which will cause a user-disabled or user-not-found exception that you can catch and handle in your app code.

Persisting authentication state#

The Firebase SDKs for all platforms provide out of the box support for ensuring that your user's authentication state is persisted across pp restarts or page reloads.

On native platforms such as Android & iOS, this behavior is not configurable and the user's authentication state will be persisted on device between app restarts. The user can clear the apps cached data using the device settings, which will wipe any existing state being stored.

On web platforms, the user's authentication state is stored in local storage. If required, you can change this default behavior to only persist authentication state for the current session, or not at all. To configure these settings, call the setPersistence() method. (On native platforms, an UnimplementedError will be thrown.)

// Disable persistence on web platforms
await FirebaseAuth.instance.setPersistence(Persistence.NONE);

Next Steps#

Explore the guides on signing in and signing up users with the supported identity and authentication services.