Social authentication is a multi-step authentication flow, allowing you to sign a user into an account or link them with an existing one.
Both native platforms and web support creating a credential which can then be passed to the signInWithCredential
or linkWithCredential methods. Alternatively on web platforms, you can trigger the authentication process via
a popup or redirect.
Most configuration is already setup when using Google Sign-In with Firebase, however you need to ensure your machine's SHA1 key has been configured for use with Android. You can see how to generate the key in the authentication documentation.
Ensure the "Google" sign-in provider is enabled on the Firebase Console.
If your user signs in with Google, after having already manually registered an account, their authentication provider will automatically change to Google, due to Firebase Authentications concept of trusted providers. You can find out more about this here.
iOS+ and Android
On native platforms, a 3rd party library is required to trigger the authentication flow.
Install the official google_sign_in plugin.
Once installed, trigger the sign-in flow and create a new credential:
import 'package:google_sign_in/google_sign_in.dart';
Future<UserCredential> signInWithGoogle() async {
// Trigger the authentication flow
final GoogleSignInAccount? googleUser = await GoogleSignIn.instance.authenticate();
// Obtain the auth details from the request
final GoogleSignInAuthentication googleAuth = googleUser.authentication;
// Create a new credential
final credential = GoogleAuthProvider.credential(idToken: googleAuth.idToken);
// Once signed in, return the UserCredential
return await FirebaseAuth.instance.signInWithCredential(credential);
}
Web
On the web, the Firebase SDK provides support for automatically handling the authentication flow using your Firebase project. For example:
Create a Google auth provider, providing any additional permission scope you wish to obtain from the user:
GoogleAuthProvider googleProvider = GoogleAuthProvider();
googleProvider.addScope('https://www.googleapis.com/auth/contacts.readonly');
googleProvider.setCustomParameters({
'login_hint': 'user@example.com'
});
Provide the credential to the signInWithPopup method. This will trigger a new
window to appear prompting the user to sign-in to your project. Alternatively you can use signInWithRedirect to keep the
authentication process in the same window.
Future<UserCredential> signInWithGoogle() async {
// Create a new provider
GoogleAuthProvider googleProvider = GoogleAuthProvider();
googleProvider.addScope('https://www.googleapis.com/auth/contacts.readonly');
googleProvider.setCustomParameters({
'login_hint': 'user@example.com'
});
// Once signed in, return the UserCredential
return await FirebaseAuth.instance.signInWithPopup(googleProvider);
// Or use signInWithRedirect
// return await FirebaseAuth.instance.signInWithRedirect(googleProvider);
}
Google Play Games (Android only)
Ensure the "Play Games" sign-in provider is enabled on the Firebase Console. Follow these instructions for Play Games Firebase project set-up.
Follow these instructions for configuring Play Games services with your Firebase app.
Android
Future<void> _signInWithPlayGames() async {
// Get server auth code from 3rd party provider
// See PR description for details on how you might get the server auth code:
// https://github.com/firebase/flutterfire/pull/12201#issue-2100392487
final serverAuthCode = '...';
final playGamesCredential = PlayGamesAuthProvider.credential(
serverAuthCode: serverAuthCode);
await FirebaseAuth.instance
.signInWithCredential(playGamesCredential);
}
Before getting started setup your Facebook Developer App and follow the setup process to enable Facebook Login.
Ensure the "Facebook" sign-in provider is enabled on the Firebase Console. with the Facebook App ID and Secret set.
iOS+ and Android
On native platforms, a 3rd party library is required to both install the Facebook SDK and trigger the authentication flow.
Install the flutter_facebook_auth plugin.
You will need to follow the steps in the plugin documentation to ensure that both the Android & iOS Facebook SDKs have been initialized correctly. Once complete, trigger the sign-in flow, create a Facebook credential and sign the user in:
import 'package:flutter_facebook_auth/flutter_facebook_auth.dart';
Future<UserCredential> signInWithFacebook() async {
// Trigger the sign-in flow
final LoginResult loginResult = await FacebookAuth.instance.login();
// Create a credential from the access token
final OAuthCredential facebookAuthCredential = FacebookAuthProvider.credential(loginResult.accessToken.token);
// Once signed in, return the UserCredential
return FirebaseAuth.instance.signInWithCredential(facebookAuthCredential);
}
Web
On the web, the Firebase SDK provides support for automatically handling the authentication flow using the Facebook application details provided on the Firebase console. For example:
Create a Facebook provider, providing any additional permission scope you wish to obtain from the user.
Ensure that the OAuth redirect URI from the Firebase console is added as a valid OAuth Redirect URI in your Facebook App.
FacebookAuthProvider facebookProvider = FacebookAuthProvider();
facebookProvider.addScope('email');
facebookProvider.setCustomParameters({
'display': 'popup',
});
Provide the credential to the signInWithPopup method. This will trigger a new
window to appear prompting the user to sign-in to your Facebook application:
Future<UserCredential> signInWithFacebook() async {
// Create a new provider
FacebookAuthProvider facebookProvider = FacebookAuthProvider();
facebookProvider.addScope('email');
facebookProvider.setCustomParameters({
'display': 'popup',
});
// Once signed in, return the UserCredential
return await FirebaseAuth.instance.signInWithPopup(facebookProvider);
// Or use signInWithRedirect
// return await FirebaseAuth.instance.signInWithRedirect(facebookProvider);
}
Apple
iOS+
Before you begin, configure Sign In with Apple and enable Apple as a sign-in provider.
Next, make sure that your Runner apps have the "Sign in with Apple" capability.
Android
Before you begin, configure Sign In with Apple and enable Apple as a sign-in provider.
Web
Before you begin, configure Sign In with Apple and enable Apple as a sign-in provider.
import 'package:firebase_auth/firebase_auth.dart';
Future<UserCredential> signInWithApple() async {
final appleProvider = AppleAuthProvider();
if (kIsWeb) {
await FirebaseAuth.instance.signInWithPopup(appleProvider);
} else {
await FirebaseAuth.instance.signInWithProvider(appleProvider);
}
}
Apple platform sign-in only
Apple sign-in on iOS+ platforms can also be achieved with the following method:
// Implement a function that generates a nonce. See iOS documentation for how to create a nonce:
// https://firebase.google.com/docs/auth/ios/apple#sign_in_with_apple_and_authenticate_with_firebase
String rawNonce = createNonce();
// Create a SHA-256 hash of the nonce. Consider using the `crypto` package from the pub.dev registry.
String hashSHA256String = createHashSHA256String(rawNonce);
// Use the hash of the nonce to get the idToken. Consider using the `sign_in_with_apple` plugin from the pub.dev registry.
String idToken = await getIdToken();
final fullName = AppleFullPersonName(
familyName: 'Name',
givenName: 'Your',
);
// Use the `rawNonce` and `idToken` to get the credential
final credential = AppleAuthProvider.credentialWithIDToken(
idToken,
rawNonce,
fullName,
);
await FirebaseAuth.instance.signInWithCredential(credential);
Revoke Apple auth tokens
Apple sign-in on Apple platforms returns an authorization code that can be used
to revoke the Apple auth token using the revokeTokenWithAuthorizationCode()
API.
import 'package:firebase_auth/firebase_auth.dart';
Future<UserCredential> signInWithApple() async {
final appleProvider = AppleAuthProvider();
UserCredential userCredential = await FirebaseAuth.instance.signInWithPopup(appleProvider);
// Keep the authorization code returned from Apple platforms
String? authCode = userCredential.additionalUserInfo?.authorizationCode;
// Revoke Apple auth token
await FirebaseAuth.instance.revokeTokenWithAuthorizationCode(authCode!);
}
Apple Game Center (Apple only)
Ensure the "Game Center" sign-in provider is enabled on the Firebase Console. Follow these instructions for Game Center Firebase project set-up.
You will need to login with Game Center before a Firebase Game Center credential can be issued and logged in via Firebase. Here are some instructions on how that can be achieved.
iOS+
Future<void> _signInWithGameCenter() async {
final credential = GameCenterAuthProvider.credential();
await FirebaseAuth.instance
.signInWithCredential(credential);
}
Microsoft
iOS+
Before you begin configure Microsoft Login for iOS and add the custom URL schemes to your Runner (step 1).
Android
Before you begin configure Microsoft Login for Android.
Don't forget to add your app's SHA-1 fingerprint.
Web
Before you begin configure Microsoft Login for Web.
import 'package:firebase_auth/firebase_auth.dart';
Future<UserCredential> signInWithMicrosoft() async {
final microsoftProvider = MicrosoftAuthProvider();
if (kIsWeb) {
await FirebaseAuth.instance.signInWithPopup(microsoftProvider);
} else {
await FirebaseAuth.instance.signInWithProvider(microsoftProvider);
}
}
Ensure the "Twitter" sign-in provider is enabled on the Firebase Console with an API Key and API Secret set. Ensure your Firebase OAuth redirect URI (e.g. my-app-12345.firebaseapp.com/__/auth/handler) is set as your Authorization callback URL in your app's settings page on your Twitter app's config.
You also might need to request elevated API access depending on your app.
iOS+
You need to configure your custom URL scheme as described in iOS guide step 1.
Android
If you haven't yet specified your app's SHA-1 fingerprint, do so from the Settings page of the Firebase console. Refer to Authenticating Your Client for details on how to get your app's SHA-1 fingerprint.
Web
Works out of the box.
import 'package:firebase_auth/firebase_auth.dart';
Future<void> _signInWithTwitter() async {
TwitterAuthProvider twitterProvider = TwitterAuthProvider();
if (kIsWeb) {
await FirebaseAuth.instance.signInWithPopup(twitterProvider);
} else {
await FirebaseAuth.instance.signInWithProvider(twitterProvider);
}
}
GitHub
Ensure that you have setup an OAuth App from your GitHub Developer Settings and that the "GitHub" sign-in provider is enabled on the Firebase Console with the Client ID and Secret are set, with the callback URL set in the GitHub app.
iOS+ and Android
For native platforms, you need to add the google-services.json and GoogleService-Info.plist.
For iOS, add the custom URL scheme as described on the iOS guide step 1.
Future<UserCredential> signInWithGitHub() async {
// Create a new provider
GithubAuthProvider githubProvider = GithubAuthProvider();
return await FirebaseAuth.instance.signInWithProvider(githubProvider);
}
Web
On the web, the GitHub SDK provides support for automatically handling the authentication flow using the GitHub application details provided on the Firebase console. Ensure that the callback URL in the Firebase console is added as a callback URL in your GitHub application on the developer console.
For example:
Create a GitHub provider and provide the credential to the signInWithPopup method. This will trigger a new
window to appear prompting the user to sign-in to your GitHub application:
Future<UserCredential> signInWithGitHub() async {
// Create a new provider
GithubAuthProvider githubProvider = GithubAuthProvider();
// Once signed in, return the UserCredential
return await FirebaseAuth.instance.signInWithPopup(githubProvider);
// Or use signInWithRedirect
// return await FirebaseAuth.instance.signInWithRedirect(githubProvider);
}
Yahoo
Ensure the "Yahoo" sign-in provider is enabled on the Firebase Console with an API Key and API Secret set. Also make sure your Firebase OAuth redirect URI (e.g. my-app-12345.firebaseapp.com/__/auth/handler) is set as a redirect URI in your app's Yahoo Developer Network configuration.
iOS+
Before you begin, configure Yahoo Login for iOS and add the custom URL schemes to your Runner (step 1).
Android
Before you begin, configure Yahoo Login for Android.
Don't forget to add your app's SHA-1 fingerprint.
Web
Works out of the box.
import 'package:firebase_auth/firebase_auth.dart';
Future<UserCredential> signInWithYahoo() async {
final yahooProvider = YahooAuthProvider();
if (kIsWeb) {
await _auth.signInWithPopup(yahooProvider);
} else {
await _auth.signInWithProvider(yahooProvider);
}
}
Using the OAuth access token
By using an AuthProvider, you can retrieve the access token associated with the provider by making the following request.
final appleProvider = AppleAuthProvider();
final user = await FirebaseAuth.instance.signInWithProvider(appleProvider);
final accessToken = user.credential?.accessToken;
// You can send requests with the `accessToken`
Linking an Authentication Provider
If you want to link a provider to a current user, you can use the following method:
await FirebaseAuth.instance.signInAnonymously();
final appleProvider = AppleAuthProvider();
if (kIsWeb) {
await FirebaseAuth.instance.currentUser?.linkWithPopup(appleProvider);
// You can also use `linkWithRedirect`
} else {
await FirebaseAuth.instance.currentUser?.linkWithProvider(appleProvider);
}
// You're anonymous user is now upgraded to be able to connect with Sign In With Apple
Reauthenticate with provider
The same pattern can be used with reauthenticateWithProvider which can be used to retrieve fresh
credentials for sensitive operations that require recent login.
final appleProvider = AppleAuthProvider();
if (kIsWeb) {
await FirebaseAuth.instance.currentUser?.reauthenticateWithPopup(appleProvider);
// Or you can reauthenticate with a redirection
// await FirebaseAuth.instance.currentUser?.reauthenticateWithRedirect(appleProvider);
} else {
await FirebaseAuth.instance.currentUser?.reauthenticateWithProvider(appleProvider);
}
// You can now perform sensitive operations