Firebase Auth Quickstart

This Firebase quickstart is written in Swift and aims to showcase how Firebase Auth can help manage user authentication. You can read more about Firebase Auth here!

To view the older Objective-C and Swift quickstarts, view the LegacyAuthQuickstart directory.

Getting Started

Firebase Auth offers multiple ways to authenticate users. In this quickstart, we demonstrate how you can use Firebase Auth to authenticate users by providing implementations for the various authentication flows. Since each Firebase Auth flow is different, each may require a few extra steps to set everything up. Feel free to follow along and configure as many authentication flows as you would like to demo!

Ready? Let's get started! 🏎💨

Clone this project and cd into the AuthenticationExample directory. Run pod install. This command will install all of the required cocoapods for this quickstart and generate a .xcworkspace project. Go ahead and open the AuthenticationExample.xcworkspace project.

Terminal commands to clone and open the project!


$ git clone https://github.com/firebase/quickstart-ios.git

$ cd authentication/

$ pod install --repo-update

$ open AuthenticationExample.xcworkspace

Connecting to the Firebase Console

We will need to connect our quickstart with the Firebase Console. For an in depth explanation, you can read more about adding Firebase to your iOS Project.

Here's a summary of the steps!

  1. Visit the Firebase Console and create a new app.
  2. Add an iOS app to the project. Make sure the Bundle Identifier you set for this iOS App matches that of the one in this quickstart.
  3. Download the GoogleService-Info.plist when prompted.
  4. Drag the downloaded GoogleService-Info.plist into the opened quickstart app. In Xcode, you can also add this file to the project by going to File-> Add Files to 'AuthenticationExample' and selecting the downloaded .plist file. Be sure to add the .plist file to the app's main target.
  5. At this point, you can build and run the quickstart! 🎉

Configuring Identity Providers

To enable sign in with each of the following identity providers, there are a few configuration steps required to make sure everything works properly.

When it comes to configuring most of the below identity providers, you may have to add a custom URL scheme in your Xcode project so Firebase Auth can correctly work with the corresponding Identity Provider. This is done by selecting the app's target in Xcode and navigating to the Info tab. For each login flow that requires adding a custom URL scheme, be sure to add a new URL Scheme for each respective identity provider rather than replace existing schemes you have created previously.

Google Sign In

We have already included the GoogleSignIn cocoapod in the quickstart's Podfile. This cocoapod is required for Google Sign In.

Start by going to the Firebase Console and navigate to your project:

  • Select the Auth panel and then click the Sign In Method tab.

  • Click Google and turn on the Enable switch, then click Save.

  • In Xcode, add a custom URL scheme for your reversed client ID.

    • You can find this in the GoogleService-Info.plist. This is the value associated with the REVERSED_CLIENT_ID key in the GoogleService-Info.plist file.
    • For the URL Type's Identifier, something like "Firebase Auth" adds some context for what the reversed link is related to.
    • In Xcode, select the quickstart's target and navigate to the Info tab. Look for the URL Types section. Expand the section and add a 'URL Type' and by pasting in the URL and, optionally, adding an identifier.
  • Run the app on your device or simulator.

  • Choose Google under Identity Providers to launch the Google Sign In flow

  • See the Getting Started with Google Sign In guide for more details.

Sign in with Apple

As outlined in the docs, Sign in with Apple requires enabling the Sign In with Apple Capability in this quickstart's Xcode project.

Start by going to the Firebase Console and navigate to your project:

  • Select the Auth panel and then click the Sign In Method tab.
  • Click Apple and turn on the Enable switch, then click Save.
  • Run the app on your device or simulator.
  • Choose Apple under Identity Providers to launch the Sign in with Apple flow
  • See the Getting Started with Apple Sign In guide for more details.

Twitter

Start by going to the Firebase Console and navigate to your project:

  • Select the Auth panel and then click the Sign In Method tab.
  • Click Twitter and turn on the Enable switch, then click Save.
  • You'll need to register an app on Twitter's developer portal to obtain the API Key and App Secret.
  • After registering an app on Twitter's developer portal, enter your Twitter API Key and App Secret and then click Save.
  • Make sure your Firebase OAuth redirect URI (e.g. my-app-12345.firebaseapp.com/__/auth/handler) is set as your
    Authorization callback URL in your app's settings page on your Twitter app's config.
    • In Xcode, add a custom URL scheme for your reversed client ID.
      • Note that you may have already done this previously
      • You can find this in the GoogleService-Info.plist
    • Run the app on your device or simulator.
    • Choose Twitter under Identity Providers to launch the Twitter Sign In flow

Microsoft

Start by going to the Firebase Console and navigate to your project:

  • Select the Auth panel and then click the Sign In Method tab.
    • Click Microsoft and turn on the Enable switch, then click Save.
    • You'll need to register an app on Microsoft's developer portal to obtain the Application Id and Application Secret.
    • After registering an app on Microsoft's developer portal, enter your Microsoft Application Id and Application Secret and then click Save.
    • Make sure your Firebase OAuth redirect URI (e.g. my-app-12345.firebaseapp.com/__/auth/handler) is set as your
      Authorization callback URL in your app's settings page on your Microsoft app's config.
  • In Xcode, add a custom URL scheme for your reversed client ID.
    • Note that you may have already done this in a previous step
    • You can find this in the GoogleService-Info.plist
  • Run the app on your device or simulator.
  • Choose Microsoft under Identity Providers to launch the Microsoft Sign In flow

See the Getting Started with Microsoft Sign In guide for more details.

GitHub

Start by going to the Firebase Console and navigate to your project:

  • Select the Auth panel and then click the Sign In Method tab.
    • Click GitHub and turn on the Enable switch, then click Save.
    • You'll need to register an app on GitHub's developer portal to obtain the Client ID and Client Secret.
    • After registering an app on GitHub's developer portal, enter your GitHub Client ID and Client Secret and then click Save.
    • Make sure your Firebase OAuth redirect URI (e.g. my-app-12345.firebaseapp.com/__/auth/handler) is set as your
      Authorization callback URL in your app's settings page on your GitHub app's config.
  • In Xcode, add a custom URL scheme for your reversed client ID.
    • Note that you may have already done this in a previous step
    • You can find this in the GoogleService-Info.plist
  • Run the app on your device or simulator.
  • Choose GitHub under Identity Providers to launch the GitHub Sign In flow

See the Getting Started with GitHub Sign In guide for more details.

Yahoo

Start by going to the Firebase Console and navigate to your project:

  • Select the Auth panel and then click the Sign In Method tab.
    • Click Yahoo and turn on the Enable switch, then click Save.
    • You'll need to register an app on Yahoo's developer portal to obtain the Client ID and Client Secret.
    • After registering an app on Yahoo's developer portal, enter your Yahoo Client ID and Client Secret and then click Save.
    • Make sure your Firebase OAuth redirect URI (e.g. my-app-12345.firebaseapp.com/__/auth/handler) is set as your
      Authorization callback URL in your app's settings page on your Yahoo app's config.
  • In Xcode, add a custom URL scheme for your reversed client ID.
    • You can find this in the GoogleService-Info.plist
  • Run the app on your device or simulator.
  • Choose Yahoo under Identity Providers to launch the Yahoo Sign In flow

See the Getting Started with Yahoo Sign In guide for more details.

Facebook

We have already included the FBSDKLoginKit cocoapod in the quickstart's Podfile. This cocoapod is required for Sign In with Facebook.

  • Go to the Facebook Developers Site and follow all instructions to set up a new iOS app. When asked for a bundle ID, use com.google.firebase.quickstart.AuthenticationExample. This is the default bundle identifier for this quickstart. If you change it, be sure that the bundle identifer entered on the Facebook developer console matches that of the bundle idetifier for the quickstart.
  • Go to the Firebase Console and navigate to your project:
    • Select the Auth panel and then click the Sign In Method tab.
    • Click Facebook and turn on the Enable switch, then click Save.
    • Enter your Facebook App Id and App Secret and click Save.
  • To finish configuring the Facebook Login Flow:
  • Replace the value of kFacebookAppID at the top of AuthViewController.swift with your Facebook App Id
  • Run the app on your device or simulator.
  • Choose Facebook under Identity Providers to launch the Facebook Sign In flow

Email/Password Setup

Start by going to the Firebase Console and navigate to your project:

  • Select the Auth panel and then click the Sign In Method tab.
  • Click Email/Password and turn on the Enable switch, then click Save.
    • Run the app on your device or simulator.
    • Choose Email & Password to launch the Email & Password Sign In flow

See the Getting Started with Password-based Sign In guide for more details.

Other Auth Methods

Email Link authentication, which is also referred to as Passwordless authentication, works by sending a verification email to a user requesting to sign in. This verification email contains a special Dynamic Link that links the user back to your app, completing authentication in the process. In order to configure this method of authentication, we will use Firebase Dynamic Links, which we will need to set up.

If this is your first time working with Dynamic Links, here's a great introduction video from Firebase's Firecast series on YouTube. Note, we will outline most of the steps covered in this tutorial below!

Start by going to the Firebase Console and navigate to your project:

  • Select the Auth panel and then click the Sign In Method tab.
  • Click Email/Password and ensure it is enabled.
  • Turn on Email link (passwordless sign-in), then click Save.

As we mentioned above, we will need to configure dynamic links for this auth flow.

  • Go to the project's settings on the Firebase console. When enabling dynamic links, you will need to add an App Store ID and a Team ID. Feel free to make up the App Store ID (ex: 123456789). For the Team ID, enter an id affiliated with an Apple Developer account.
  • Navigate to the Dynamic Links in the Firebase Console and click Get Started
  • Enter a domain. Something like authenticationexample.page.link works. Note, this domain will likely be taken so adjust authenticationexample accordingly (ex: authenticationexample123). Either way, be sure to add the .page.link to complete the domain link!
  • Now, copy the domain you created above and navigate in Xcode to the Signing & Capabilities tab of the app's main target. You will need to add the Associated Domains capability. If your project has automatically manage signing checked (also on this tab), you can add the Associated Domains capability by tapping the "+" button (also on that tab). If not, you will need to add this capability on the Apple Developer console and download the resulting provisioning profile before moving to the next steps. Please refer to the Firebase docs for more info.
  • Once you have the Associated Domains capability enabled and have copied the domain you created on the Firebase Console, paste applinks:[insert the domain you copied] into the Associated Domains section on either Xcode or Apple developer console (depending on how you set up Associated Domains in the previous step)
    • Example: applinks: authenticationexample.page.link
  • Now let's create the dynamic link that will be used in the Passwordless login flow. Return to the Dynamic Links tab on the Firebase Console. Click New Dynamic Link, then:

    • Setup your short URL. Feel free to put whatever here, like "demo", "login, or "passwordless" for example. Click Next.
    • For the Deep Link URL, configure the URL to look like:
         https://[insert an authorized domain]/login?email=email
      

      For the authorized domain ⬆, go to the the Authentication tab, then click the "Sign-in method", and scroll down to the "Authorized domains" section. Copy the domain that looks like [the app's name].firebaseapp.com. Paste this entire domain into the Deep Link we are creating above. You can also instead whitelist the dynamic links URL prefix and use that here as well.

    • On step 3, Define link behavior for iOS, select Open the deep link in your iOS App and make sure your app is selected in the drop down.
    • Configure the following steps as you please and then hit Create!
    • Dynamic links use your app's bundle identifier as a url scheme by default. In Xcode, add a custom URL scheme for your bundle identifier.
    • Last todo! Navigate to sendSignInLink() in PasswordlessViewController.swift. Within the method, there is a stringURL constant. Paste in the long deeplink you created from the steps above for the authroizedDomain property above the method. It should look something like:
      let stringURL = "https://\(authorizedDomain).firebaseapp.com/login?email=\(email)"
      
  • Run the app on your device or simulator.

    • Select Email Link/Passwordless. This will present a login screen where you can enter an email for the verification email to be sent to.
    • Enter an email and tap Send Sign In Link. While keeping the current view controller displayed, switch to a mail app and wait to receive the verification email.
    • Once the email has been received, open it and tap the sign in link. This will link back to the quickstart and finish the login flow.

See the Getting Started with Email Link/Passwordless Sign In guide for more details.

So how does this work?

We will start by taking a look at PasswordlessViewController.swift. If you are currently running the quickstart app, select the "Email Link/Passwordless" authentication option.

The user is prompted for an email to be used in the verification process. When the Send Sign In Link button is tapped, we configure our verification link by adding the user's email to the dynamic link we created earlier. Then we send a send the link to the user's email. You can edit the format of these verification emails on the Firebase Console.

When the user receives the verification email, they can open the link contained in the email to be redirected back to the app (using the power of Dynamic Links 😎. On apps using the SceneDelegate API, opening the incoming dynamic link will be handled in UIWindowSceneDelegate's func scene(_ scene: UIScene, continue userActivity: NSUserActivity) method. This method can be implemented in SceneDelegate.swift. Since the quickstart uses the SceneDelegate API, you can check out the implementation here. We basically pass the incoming link to a helper method that will do a few things:

// SceneDelegate.swift

private func handleIncomingDynamicLink(_ incomingURL: URL) {

    DynamicLinks.dynamicLinks().handleUniversalLink(incomingURL) { (dynamicLink, error) in

    // Handle the potential `error`

    guard let link = dynamicLink?.url?.absoluteString else { return }

    // Here, we check if our dynamic link is a sign-link (the one we emailed our user!)
    if Auth.auth().isSignIn(withEmailLink: link) {

        // Save the link as it will be used in the next step to complete login
        UserDefaults.standard.set(link, forKey: "Link")

        // Post a notification to the PasswordlessViewController to resume authentication
        NotificationCenter.default.post(Notification(name: Notification.Name("PasswordlessEmailNotificationSuccess")))
        }
    }
}

If the incoming dynamic link is a sign-in link, then we post a notification that pretty much says: "Hey! A user just opened a verification dynamic link that we emailed them and we need to complete the authentication!"

This takes us back to our PasswordlessViewController.swift, where we registered for this exact notification! When the notification is posted, we will receive it here and call the passwordlessSignIn() method to complete the authentication. In this method, we used Firebase Auth's Auth.auth().signIn(withEmail: String, link: String) which, behind the scenes, checks that this link was the link we originally sent to the associated email and if so, signs in the user! 🥳

Phone Number

When Firebase Auth uses Phone Number authentication, Auth will attempt to send a silent Apple Push Notification (APN) to the device to confirm that the phone number being used is associated with the device. If APNs (which, like Sign In with Apple, are a capability you can enable in Xcode or on the Apple Developer Console) are not enabled or configured correctly, Auth will instead present a web view with a reCAPTCHA verification flow.

Start by going to the Firebase Console and navigate to your project:

  • Select the Auth panel and then click the Sign In Method tab.
  • Click Phone and turn on the Enable switch, then click Save.
  • Run the app on your device or simulator.
  • Choose Phone Number to launch the Phone Number Authentication flow
  • After entering a phone number, please wait roughly 5 seconds to allow Firebase Auth to present the necessary flow. See the official Firebase docs for phone authentication for more info!

Anonymous Authentication

Start by going to the Firebase Console and navigate to your project:

  • Select the Auth panel and then click the Sign In Method tab.
  • Click Anonymous and turn on the Enable switch, then click Save.
  • Run the app on your device or simulator.
  • Choose Anonymous Authentication to launch the Anonymous Sign In flow See the official Firebase docs for anonymous authentication for more info!

Custom Auth System

Firebase Auth can manage authentication for use cases that utilize a custom auth system. Ensure you have an authentication server capable of producing custom signed tokens. When a user signs in, make a request for a signed token from your authentication server.

After your server returns the token, pass that into Firebase Auth's signIn(withCustomtoken: String) method to complete the authentication process. In the quickstart, you can demo signing in with tokens you generate. See CustomAuthViewController.swift for more info.

If you wish to setup a custom auth system. The below steps can help in its configuration.

  • In the Firebase Console, navigate to Project settings:
    • Navigate to the Service accounts tab.
    • Locate the section All service account, and click on the X service accounts link. This will take you to the Google Cloud Console.
  • In the Google Cloud Console:
    • Make sure the right Firebase project is selected.
    • From the left "hamburger" menu navigate to the API Manager tab.
    • Click on the Credentials item in the left column.
    • Click New credentials and select Service account key. Select New service account, pick any name, and select JSON as the key type. Then click Create.
    • You should now have a new JSON file for your service account in your Downloads directory.
  • Open the file web/auth.html in your computer's web browser. The auth.html file can now be found in the current directory's LegacyAuthQuickstart subdirectory.
    • Click Choose File and upload the JSON file you just downloaded.
    • Enter any User ID and click Generate.
    • Copy the token link displayed.
  • Run the app on your device or simulator.
    • Select Custom Auth system
    • Paste in the token you generated earlier.
    • Pressing Login should then login the token's affiliated user.

Support

License

Copyright 2020 Google LLC

Licensed to the Apache Software Foundation (ASF) under one or more contributor

license agreements. See the NOTICE file distributed with this work for

additional information regarding copyright ownership. The ASF licenses this

file to you under the Apache License, Version 2.0 (the "License"); you may not

use this file except in compliance with the License. You may obtain a copy of

the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software

distributed under the License is distributed on an "AS IS" BASIS, WITHOUT

WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the

License for the specific language governing permissions and limitations under

the License.