Firebase Email Authentication
Firebase Authentication provides backend services, easy-to-use SDKs, and ready-made UI libraries to authenticate users to your app. It supports authentication using passwords, phone numbers, popular federated identity providers like Google, Facebook and Twitter, and more.
Firebase Authentication integrates tightly with other Firebase services, and it leverages industry standards like OAuth 2.0 and OpenID Connect, so it can be easily integrated with your custom backend.
To sign a user into your app, you first get authentication credentials from the user. These credentials can be the user's email address and password, or an OAuth token from a federated identity provider.
Then, you pass these credentials to the Firebase Authentication SDK. Our backend services will then verify those credentials and return a response to the client.
After a successful sign in, you can access the user's basic profile information, and you can control the user's access to data stored in other Firebase products.
The Firebase user object represents a user account that has signed up for an app in your project. Apps usually have many registered users, and every app in a project shares a user database.
User instances are independent from Firebase Authentication instances, so you can have several references to different users within the same context and still call any of their methods.
Firebase users have a fixed set of basic properties—a unique ID, a primary email address, a name and a photo URL—stored in the project's user database, that can be updated by the user (iOS, Android, web). You cannot add other properties to the user object directly; instead, you can store the additional properties in any other storage services, like Google Cloud Firestore.
The first time a user signs up to your app, the user's profile data is populated using the available information:
- If the user signed up with an email address and password, only the primary email address property is populated
- If the user signed up with a federated identity provider, such as Google or Facebook, the account information made available by the provider is used to populate the user's profile
- If the user signed up with your custom auth system, you must explicitly add the information you want to the user's profile
Once a user account has been created, you can reload the user's information to incorporate any changes the user might have made on another device.
The user lifecycle
The recommended way to track the current state of the Auth instance is by using listeners (also called "observers" in JavaScript). An Auth listener gets notified any time something relevant happens to the Auth object. See Managing Users (iOS, Android, web).
An Auth listener gets notified in the following situations:
- The Auth object finishes initializing and a user was already signed in from a previous session, or has been redirected from an identity provider's sign-in flow
- A user signs in (the current user is set)
- A user signs out (the current user becomes null)
- The current user's access token is refreshed. This case can happen in the following conditions:
  - The access token expires: this is a common situation. The refresh token is used to get a new valid set of tokens.
  - The user changes their password: Firebase issues new access and refresh tokens and renders the old tokens expired. This automatically expires the user's token and/or signs out the user on every device, for security reasons.
  - The user re-authenticates: some actions require that the user's credentials are recently issued; such actions include deleting an account, setting a primary email address, and changing a password. Instead of signing out the user and then signing in the user again, get new credentials from the user, and pass the new credentials to the reauthenticate method of the user object.
For email address and password or phone number sign-in and any federated identity providers you want to support, enable them in the Firebase console and complete any configuration required by the identity provider, such as setting your OAuth redirect URL.
You can also use the provided authentication token to verify the identity of users in your own backend services.
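The following added example, which is not Firebase's own code, shows the checks a backend applies to the ID token before trusting it: a pinned RS256 algorithm, a signature verified against the key selected by `kid`, and the `exp`, `iat`, `auth_time`, `aud`, `iss` and `sub` claims. The key pair, the project ID `demo-project`, and the helpers `mintToken` and `check` are constructed for the demonstration; in production the public keys come from Google's published signing certificates, and the Firebase Admin SDK's `verifyIdToken` performs these checks for you.

```javascript
const crypto = require('node:crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Verify an RS256-signed ID token, then the claims a backend must check.
// keysByKid is a Map of key id -> public key; `now` is in seconds.
function verifyIdToken(token, projectId, keysByKid, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = decode(h);
  // Pin the algorithm: the token must never choose it ("none", HS256, ...).
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const key = keysByKid.get(header.kid);
  if (!key) throw new Error('unknown kid');
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const c = decode(p); // claims are read only after the signature checks out
  if (!(c.exp > now)) throw new Error('expired');
  if (!(c.iat <= now) || !(c.auth_time <= now)) throw new Error('issued in the future');
  if (c.aud !== projectId) throw new Error('wrong audience');
  if (c.iss !== `https://securetoken.google.com/${projectId}`) throw new Error('wrong issuer');
  if (typeof c.sub !== 'string' || c.sub === '') throw new Error('missing sub');
  return c; // c.sub is the user's unique ID
}

// --- Constructed sample data: not real Firebase keys, tokens or project ---
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const KEYS = new Map([['test-kid', publicKey]]);
const PROJECT = 'demo-project';
const NOW = 1700000000;

function mintToken(claims, header = { alg: 'RS256', kid: 'test-kid' }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${b64url(crypto.sign('sha256', Buffer.from(input), privateKey))}`;
}

const goodClaims = {
  iss: `https://securetoken.google.com/${PROJECT}`, aud: PROJECT,
  sub: 'uid-123', iat: NOW - 60, auth_time: NOW - 60, exp: NOW + 3540,
};

// Returns the verified user ID, or the reason the token was rejected.
function check(claims, header) {
  try { return verifyIdToken(mintToken(claims, header), PROJECT, KEYS, NOW).sub; }
  catch (e) { return e.message; }
}
console.log(check(goodClaims), '|', check({ ...goodClaims, aud: 'other-project' }));
```

A token issued for a different Firebase project carries a valid Google signature, so the `aud` and `iss` checks are what bind it to your project.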