Social authentication is a multi-step authentication flow, allowing you to sign a user into an account or link them with an existing one.
Both native platforms and web support creating a credential which can then be passed to the signInWithCredential
or linkWithCredential
methods. Alternatively on web platforms, you can trigger the authentication process via
a popup or redirect.
Most configuration is already setup when using Google Sign-In with Firebase, however you need to ensure your machine's SHA1 key has been configured for use with Android. You can see how to generate the key in the authentication documentation .
Ensure the "Google" sign-in provider is enabled on the Firebase Console .
If your user signs in with Google, after having already manually registered an account, their authentication provider will automatically change to Google, due to Firebase Authentications concept of trusted providers. You can find out more about this here .
iOS+ and Android
On native platforms, a 3rd party library is required to trigger the authentication flow.
Install the official google_sign_in
plugin.
Once installed, trigger the sign-in flow and create a new credential:
import
'package:google_sign_in/google_sign_in.dart'
;
Future<UserCredential>
signInWithGoogle
()
async
{
// Trigger the authentication flow
final
GoogleSignInAccount
?
googleUser
=
await
GoogleSignIn
.
instance
.
authenticate
();
// Obtain the auth details from the request
final
GoogleSignInAuthentication
googleAuth
=
googleUser
.
authentication
;
// Create a new credential
final
credential
=
GoogleAuthProvider
.
credential
(
idToken:
googleAuth
.
idToken
);
// Once signed in, return the UserCredential
return
await
FirebaseAuth
.
instance
.
signInWithCredential
(
credential
);
}
Web
On the web, the Firebase SDK provides support for automatically handling the authentication flow using your Firebase project. For example:
Create a Google auth provider, providing any additional permission scope you wish to obtain from the user:
GoogleAuthProvider
googleProvider
=
GoogleAuthProvider
();
googleProvider
.
addScope
(
'https://www.googleapis.com/auth/contacts.readonly'
);
googleProvider
.
setCustomParameters
({
'login_hint'
:
'user@example.com'
});
Provide the credential to the signInWithPopup
method. This will trigger a new
window to appear prompting the user to sign-in to your project. Alternatively you can use signInWithRedirect
to keep the
authentication process in the same window.
Future<UserCredential>
signInWithGoogle
()
async
{
// Create a new provider
GoogleAuthProvider
googleProvider
=
GoogleAuthProvider
();
googleProvider
.
addScope
(
'https://www.googleapis.com/auth/contacts.readonly'
);
googleProvider
.
setCustomParameters
({
'login_hint'
:
'user@example.com'
});
// Once signed in, return the UserCredential
return
await
FirebaseAuth
.
instance
.
signInWithPopup
(
googleProvider
);
// Or use signInWithRedirect
// return await FirebaseAuth.instance.signInWithRedirect(googleProvider);
}
Google Play Games (Android only)
Ensure the "Play Games" sign-in provider is enabled on the Firebase Console . Follow these instructions for Play Games Firebase project set-up .
Follow these instructions for configuring Play Games services with your Firebase app.
Android
Future<void>
_signInWithPlayGames
()
async
{
// Get server auth code from 3rd party provider
// See PR description for details on how you might get the server auth code:
// https://github.com/firebase/flutterfire/pull/12201#issue-2100392487
final
serverAuthCode
=
'...'
;
final
playGamesCredential
=
PlayGamesAuthProvider
.
credential
(
serverAuthCode:
serverAuthCode
);
await
FirebaseAuth
.
instance
.
signInWithCredential
(
playGamesCredential
);
}
Before getting started setup your Facebook Developer App and follow the setup process to enable Facebook Login.
Ensure the "Facebook" sign-in provider is enabled on the Firebase Console . with the Facebook App ID and Secret set.
iOS+ and Android
On native platforms, a 3rd party library is required to both install the Facebook SDK and trigger the authentication flow.
Install the flutter_facebook_auth
plugin.
You will need to follow the steps in the plugin documentation to ensure that both the Android & iOS Facebook SDKs have been initialized correctly. Once complete, trigger the sign-in flow, create a Facebook credential and sign the user in:
import
'package:flutter_facebook_auth/flutter_facebook_auth.dart'
;
Future<UserCredential>
signInWithFacebook
()
async
{
// Trigger the sign-in flow
final
LoginResult
loginResult
=
await
FacebookAuth
.
instance
.
login
();
// Create a credential from the access token
final
OAuthCredential
facebookAuthCredential
=
FacebookAuthProvider
.
credential
(
loginResult
.
accessToken
.
token
);
// Once signed in, return the UserCredential
return
FirebaseAuth
.
instance
.
signInWithCredential
(
facebookAuthCredential
);
}
Web
On the web, the Firebase SDK provides support for automatically handling the authentication flow using the Facebook application details provided on the Firebase console. For example:
Create a Facebook provider, providing any additional permission scope you wish to obtain from the user.
Ensure that the OAuth redirect URI from the Firebase console is added as a valid OAuth Redirect URI in your Facebook App.
FacebookAuthProvider
facebookProvider
=
FacebookAuthProvider
();
facebookProvider
.
addScope
(
'email'
);
facebookProvider
.
setCustomParameters
({
'display'
:
'popup'
,
});
Provide the credential to the signInWithPopup
method. This will trigger a new
window to appear prompting the user to sign-in to your Facebook application:
Future<UserCredential>
signInWithFacebook
()
async
{
// Create a new provider
FacebookAuthProvider
facebookProvider
=
FacebookAuthProvider
();
facebookProvider
.
addScope
(
'email'
);
facebookProvider
.
setCustomParameters
({
'display'
:
'popup'
,
});
// Once signed in, return the UserCredential
return
await
FirebaseAuth
.
instance
.
signInWithPopup
(
facebookProvider
);
// Or use signInWithRedirect
// return await FirebaseAuth.instance.signInWithRedirect(facebookProvider);
}
Apple
iOS+
Before you begin, configure Sign In with Apple and enable Apple as a sign-in provider .
Next, make sure that your Runner
apps have the "Sign in with Apple" capability.
Android
Before you begin, configure Sign In with Apple and enable Apple as a sign-in provider .
Web
Before you begin, configure Sign In with Apple and enable Apple as a sign-in provider .
import
'package:firebase_auth/firebase_auth.dart'
;
Future<UserCredential>
signInWithApple
()
async
{
final
appleProvider
=
AppleAuthProvider
();
if
(
kIsWeb
)
{
await
FirebaseAuth
.
instance
.
signInWithPopup
(
appleProvider
);
}
else
{
await
FirebaseAuth
.
instance
.
signInWithProvider
(
appleProvider
);
}
}
Apple platform sign-in only
Apple sign-in on iOS+ platforms can also be achieved with the following method:
// Implement a function that generates a nonce. See iOS documentation for how to create a nonce:
// https://firebase.google.com/docs/auth/ios/apple#sign_in_with_apple_and_authenticate_with_firebase
String
rawNonce
=
createNonce
();
// Create a SHA-256 hash of the nonce. Consider using the `crypto` package from the pub.dev registry.
String
hashSHA256String
=
createHashSHA256String
(
rawNonce
);
// Use the hash of the nonce to get the idToken. Consider using the `sign_in_with_apple` plugin from the pub.dev registry.
String
idToken
=
await
getIdToken
();
final
fullName
=
AppleFullPersonName
(
familyName:
'Name'
,
givenName:
'Your'
,
);
// Use the `rawNonce` and `idToken` to get the credential
final
credential
=
AppleAuthProvider
.
credentialWithIDToken
(
idToken
,
rawNonce
,
fullName
,
);
await
FirebaseAuth
.
instance
.
signInWithCredential
(
credential
);
Revoke Apple auth tokens
Apple sign-in on Apple platforms returns an authorization code that can be used
to revoke the Apple auth token using the revokeTokenWithAuthorizationCode()
API.
import
'package:firebase_auth/firebase_auth.dart'
;
Future<UserCredential>
signInWithApple
()
async
{
final
appleProvider
=
AppleAuthProvider
();
UserCredential
userCredential
=
await
FirebaseAuth
.
instance
.
signInWithPopup
(
appleProvider
);
// Keep the authorization code returned from Apple platforms
String
?
authCode
=
userCredential
.
additionalUserInfo
?
.
authorizationCode
;
// Revoke Apple auth token
await
FirebaseAuth
.
instance
.
revokeTokenWithAuthorizationCode
(
authCode
!
);
}
Apple Game Center (Apple only)
Ensure the "Game Center" sign-in provider is enabled on the Firebase Console . Follow these instructions for Game Center Firebase project set-up .
You will need to login with Game Center before a Firebase Game Center credential can be issued and logged in via Firebase. Here are some instructions on how that can be achieved.
iOS+
Future<void>
_signInWithGameCenter
()
async
{
final
credential
=
GameCenterAuthProvider
.
credential
();
await
FirebaseAuth
.
instance
.
signInWithCredential
(
credential
);
}
Microsoft
iOS+
Before you begin configure Microsoft Login for iOS and add the custom URL schemes to your Runner (step 1) .
Android
Before you begin configure Microsoft Login for Android .
Don't forget to add your app's SHA-1 fingerprint.
Web
Before you begin configure Microsoft Login for Web .
import
'package:firebase_auth/firebase_auth.dart'
;
Future<UserCredential>
signInWithMicrosoft
()
async
{
final
microsoftProvider
=
MicrosoftAuthProvider
();
if
(
kIsWeb
)
{
await
FirebaseAuth
.
instance
.
signInWithPopup
(
microsoftProvider
);
}
else
{
await
FirebaseAuth
.
instance
.
signInWithProvider
(
microsoftProvider
);
}
}
Ensure the "Twitter" sign-in provider is enabled on the Firebase Console with an API Key and API Secret set. Ensure your Firebase OAuth redirect URI (e.g. my-app-12345.firebaseapp.com/__/auth/handler) is set as your Authorization callback URL in your app's settings page on your Twitter app's config .
You also might need to request elevated API access depending on your app .
iOS+
You need to configure your custom URL scheme as described in iOS guide step 1 .
Android
If you haven't yet specified your app's SHA-1 fingerprint, do so from the Settings page of the Firebase console. Refer to Authenticating Your Client for details on how to get your app's SHA-1 fingerprint.
Web
Works out of the box.
import
'package:firebase_auth/firebase_auth.dart'
;
Future<void>
_signInWithTwitter
()
async
{
TwitterAuthProvider
twitterProvider
=
TwitterAuthProvider
();
if
(
kIsWeb
)
{
await
FirebaseAuth
.
instance
.
signInWithPopup
(
twitterProvider
);
}
else
{
await
FirebaseAuth
.
instance
.
signInWithProvider
(
twitterProvider
);
}
}
GitHub
Ensure that you have setup an OAuth App from your GitHub Developer Settings and that the "GitHub" sign-in provider is enabled on the Firebase Console with the Client ID and Secret are set, with the callback URL set in the GitHub app.
iOS+ and Android
For native platforms, you need to add the google-services.json
and GoogleService-Info.plist
.
For iOS, add the custom URL scheme as described on the iOS guide step 1.
Future<UserCredential>
signInWithGitHub
()
async
{
// Create a new provider
GithubAuthProvider
githubProvider
=
GithubAuthProvider
();
return
await
FirebaseAuth
.
instance
.
signInWithProvider
(
githubProvider
);
}
Web
On the web, the GitHub SDK provides support for automatically handling the authentication flow using the GitHub application details provided on the Firebase console. Ensure that the callback URL in the Firebase console is added as a callback URL in your GitHub application on the developer console.
For example:
Create a GitHub provider and provide the credential to the signInWithPopup
method. This will trigger a new
window to appear prompting the user to sign-in to your GitHub application:
Future<UserCredential>
signInWithGitHub
()
async
{
// Create a new provider
GithubAuthProvider
githubProvider
=
GithubAuthProvider
();
// Once signed in, return the UserCredential
return
await
FirebaseAuth
.
instance
.
signInWithPopup
(
githubProvider
);
// Or use signInWithRedirect
// return await FirebaseAuth.instance.signInWithRedirect(githubProvider);
}
Yahoo
Ensure the "Yahoo" sign-in provider is enabled on the Firebase Console with an API Key and API Secret set. Also make sure your Firebase OAuth redirect URI (e.g. my-app-12345.firebaseapp.com/__/auth/handler) is set as a redirect URI in your app's Yahoo Developer Network configuration.
iOS+
Before you begin, configure Yahoo Login for iOS and add the custom URL schemes to your Runner (step 1) .
Android
Before you begin, configure Yahoo Login for Android .
Don't forget to add your app's SHA-1 fingerprint.
Web
Works out of the box.
import
'package:firebase_auth/firebase_auth.dart'
;
Future<UserCredential>
signInWithYahoo
()
async
{
final
yahooProvider
=
YahooAuthProvider
();
if
(
kIsWeb
)
{
await
_auth
.
signInWithPopup
(
yahooProvider
);
}
else
{
await
_auth
.
signInWithProvider
(
yahooProvider
);
}
}
Using the OAuth access token
By using an AuthProvider, you can retrieve the access token associated with the provider by making the following request.
final
appleProvider
=
AppleAuthProvider
();
final
user
=
await
FirebaseAuth
.
instance
.
signInWithProvider
(
appleProvider
);
final
accessToken
=
user
.
credential
?
.
accessToken
;
// You can send requests with the `accessToken`
Linking an Authentication Provider
If you want to link a provider to a current user, you can use the following method:
await
FirebaseAuth
.
instance
.
signInAnonymously
();
final
appleProvider
=
AppleAuthProvider
();
if
(
kIsWeb
)
{
await
FirebaseAuth
.
instance
.
currentUser
?
.
linkWithPopup
(
appleProvider
);
// You can also use `linkWithRedirect`
}
else
{
await
FirebaseAuth
.
instance
.
currentUser
?
.
linkWithProvider
(
appleProvider
);
}
// You're anonymous user is now upgraded to be able to connect with Sign In With Apple
Reauthenticate with provider
The same pattern can be used with reauthenticateWithProvider
which can be used to retrieve fresh
credentials for sensitive operations that require recent login.
final
appleProvider
=
AppleAuthProvider
();
if
(
kIsWeb
)
{
await
FirebaseAuth
.
instance
.
currentUser
?
.
reauthenticateWithPopup
(
appleProvider
);
// Or you can reauthenticate with a redirection
// await FirebaseAuth.instance.currentUser?.reauthenticateWithRedirect(appleProvider);
}
else
{
await
FirebaseAuth
.
instance
.
currentUser
?
.
reauthenticateWithProvider
(
appleProvider
);
}
// You can now perform sensitive operations
