This Firebase quickstart is written in Swift and aims to showcase how Firebase Auth can help manage user authentication. You can read more about Firebase Auth here!
To view the older Objective-C and Swift quickstarts, view the LegacyAuthQuickstart
directory.
Firebase Auth offers multiple ways to authenticate users. In this quickstart, we demonstrate how you can use Firebase Auth to authenticate users by providing implementations for the various authentication flows. Since each Firebase Auth flow is different, each may require a few extra steps to set everything up. Feel free to follow along and configure as many authentication flows as you would like to demo!
Ready? Let's get started! 🏎💨
Clone this project and cd
into the AuthenticationExample
directory. Run pod install
. This command will install all of the required CocoaPods for this quickstart and generate a .xcworkspace
project. Go ahead and open the AuthenticationExample.xcworkspace
project.
$ git clone https://github.com/firebase/quickstart-ios.git
$ cd authentication/
$ pod install --repo-update
$ open AuthenticationExample.xcworkspace
Connecting to the Firebase Console
We will need to connect our quickstart with the Firebase Console. For an in depth explanation, you can read more about adding Firebase to your iOS Project.
- Visit the Firebase Console and create a new app.
- Add an iOS app to the project. Make sure the
Bundle Identifier
you set for this iOS App matches that of the one in this quickstart. - Download the
GoogleService-Info.plist
when prompted. - Drag the downloaded
GoogleService-Info.plist
into the opened quickstart app. In Xcode, you can also add this file to the project by going toFile
->Add Files to 'AuthenticationExample'
and selecting the downloaded.plist
file. Be sure to add the.plist
file to the app's main target. - At this point, you can build and run the quickstart! 🎉
To enable sign in with each of the following identity providers, there are a few configuration steps required to make sure everything works properly.
When it comes to configuring most of the below identity providers, you may have to add a custom URL scheme in your Xcode project so Firebase Auth can correctly work with the corresponding Identity Provider. This is done by selecting the app's target in Xcode and navigating to the Info tab. For each login flow that requires adding a custom URL scheme, be sure to add a new URL Scheme for each respective identity provider rather than replace existing schemes you have created previously.
We have already included the GoogleSignIn
CocoaPod in the quickstart's Podfile
. This CocoaPod is required for Google Sign In.
Start by going to the Firebase Console and navigate to your project:
-
Select the Auth panel and then click the Sign In Method tab.
-
Click Google and turn on the Enable switch, then click Save.
-
In Xcode, add a custom URL scheme for your reversed client ID.
- You can find this in the
GoogleService-Info.plist
. This is the value associated with theREVERSED_CLIENT_ID
key in theGoogleService-Info.plist
file. - For the
URL Type
's Identifier, something like "Firebase Auth" adds some context for what the reversed link is related to. - In Xcode, select the quickstart's target and navigate to the
Info
tab. Look for theURL Types
section. Expand the section and add a 'URL Type' and by pasting in the URL and, optionally, adding an identifier.
- You can find this in the
-
Run the app on your device or simulator.
-
Choose Google under Identity Providers to launch the Google Sign In flow
-
See the Getting Started with Google Sign In guide for more details.
As outlined in the docs, Sign in with Apple requires enabling the Sign In with Apple Capability
in this quickstart's Xcode project.
Start by going to the Firebase Console and navigate to your project:
- Select the Auth panel and then click the Sign In Method tab.
- Click Apple and turn on the Enable switch, then click Save.
- Run the app on your device or simulator.
- Choose Apple under Identity Providers to launch the Sign in with Apple flow
- See the Getting Started with Apple Sign In guide for more details.
Start by going to the Firebase Console and navigate to your project:
-
Select the Auth panel and then click the Sign In Method tab.
-
Click Twitter and turn on the Enable switch, then click Save.
-
You'll need to register an app on Twitter's developer portal to obtain the API Key and App Secret.
-
After registering an app on Twitter's developer portal, enter your Twitter API Key and App Secret and then click Save.
-
Make sure your Firebase OAuth redirect URI (e.g. my-app-12345.firebaseapp.com/__/auth/handler) is set as your
Authorization callback URL in your app's settings page on your Twitter app's config. -
In Xcode, add a custom URL scheme for your reversed client ID.
- Note that you may have already done this previously
- You can find this in the
GoogleService-Info.plist
-
Run the app on your device or simulator.
-
Choose Twitter under Identity Providers to launch the Twitter Sign In flow
-
See the Getting Started with Twitter Sign In guide for more details.
Start by going to the Firebase Console and navigate to your project:
- Select the Auth panel and then click the Sign In Method tab.
- Click Microsoft and turn on the Enable switch, then click Save.
- You'll need to register an app on Microsoft's developer portal to obtain the Application Id and Application Secret.
- After registering an app on Microsoft's developer portal, enter your Microsoft Application Id and Application Secret and then click Save.
- Make sure your Firebase OAuth redirect URI (e.g. my-app-12345.firebaseapp.com/__/auth/handler) is set as your
Authorization callback URL in your app's settings page on your Microsoft app's config.
- In Xcode, add a custom URL scheme for your reversed client ID.
- Note that you may have already done this in a previous step
- You can find this in the
GoogleService-Info.plist
- Run the app on your device or simulator.
- Choose Microsoft under Identity Providers to launch the Microsoft Sign In flow
See the Getting Started with Microsoft Sign In guide for more details.
Start by going to the Firebase Console and navigate to your project:
- Select the Auth panel and then click the Sign In Method tab.
- Click GitHub and turn on the Enable switch, then click Save.
- You'll need to register an app on GitHub's developer portal to obtain the Client ID and Client Secret.
- After registering an app on GitHub's developer portal, enter your GitHub Client ID and Client Secret and then click Save.
- Make sure your Firebase OAuth redirect URI (e.g. my-app-12345.firebaseapp.com/__/auth/handler) is set as your
Authorization callback URL in your app's settings page on your GitHub app's config.
- In Xcode, add a custom URL scheme for your reversed client ID.
- Note that you may have already done this in a previous step
- You can find this in the
GoogleService-Info.plist
- Run the app on your device or simulator.
- Choose GitHub under Identity Providers to launch the GitHub Sign In flow
See the Getting Started with GitHub Sign In guide for more details.
Start by going to the Firebase Console and navigate to your project:
- Select the Auth panel and then click the Sign In Method tab.
- Click Yahoo and turn on the Enable switch, then click Save.
- You'll need to register an app on Yahoo's developer portal to obtain the Client ID and Client Secret.
- After registering an app on Yahoo's developer portal, enter your Yahoo Client ID and Client Secret and then click Save.
- Make sure your Firebase OAuth redirect URI (e.g. my-app-12345.firebaseapp.com/__/auth/handler) is set as your
Authorization callback URL in your app's settings page on your Yahoo app's config.
- In Xcode, add a custom URL scheme for your reversed client ID.
- You can find this in the
GoogleService-Info.plist
- You can find this in the
- Run the app on your device or simulator.
- Choose Yahoo under Identity Providers to launch the Yahoo Sign In flow
See the Getting Started with Yahoo Sign In guide for more details.
We have already included the FBSDKLoginKit
CocoaPod in the quickstart's Podfile
. This CocoaPod is required for Sign In with Facebook.
- Go to the Facebook Developers Site and follow all
instructions to set up a new iOS app. When asked for a bundle ID, use
com.google.firebase.quickstart.AuthenticationExample
. This is the default bundle identifier for this quickstart. If you change it, be sure that the bundle identifer entered on the Facebook developer console matches that of the bundle identifier for the quickstart. - Follow Facebook's iOS getting started guide. You can skip steps 1 and 3 since we've already set up the dependencies and initialization code in this sample.
- Go to the Firebase Console and navigate to your project:
- Select the Auth panel and then click the Sign In Method tab.
- Click Facebook and turn on the Enable switch, then click Save.
- Enter your Facebook App Id and App Secret and click Save.
- To finish configuring the Facebook Login Flow:
- Replace the value of
kFacebookAppID
at the top of AuthViewController.swift with your Facebook App Id- Note, you can also configure Facebook Login in the quickstart's
Info.plist
- In Xcode, add a custom URL scheme for your Facebook App Id.
- The URL Scheme should be in the format of
'fb' + the Facebook App Id
- Example:
fb1234567890
- Example:
- Note, you can also configure Facebook Login in the quickstart's
- Run the app on your device or simulator.
- Choose Facebook under Identity Providers to launch the Facebook Sign In flow
Start by going to the Firebase Console and navigate to your project:
- Select the Auth panel and then click the Sign In Method tab.
- Click Email/Password and turn on the Enable switch, then click Save.
- Run the app on your device or simulator.
- Choose Email & Password to launch the Email & Password Sign In flow
See the Getting Started with Password-based Sign In guide for more details.
Email Link authentication, which is also referred to as Passwordless authentication, works by sending a verification email to a user requesting to sign in. This verification email contains a special Dynamic Link that links the user back to your app, completing authentication in the process. In order to configure this method of authentication, we will use Firebase Dynamic Links, which we will need to set up.
Start by going to the Firebase Console and navigate to your project:
- Select the Auth panel and then click the Sign In Method tab.
- Click Email/Password and ensure it is enabled.
- Turn on Email link (passwordless sign-in), then click Save.
As we mentioned above, we will need to configure dynamic links for this auth flow.
- Go to the project's settings on the Firebase console. When enabling dynamic links, you will need to add an App Store ID and a Team ID. Feel free to make up the App Store ID (ex: 123456789). For the Team ID, enter an id affiliated with an Apple Developer account.
- Navigate to the Dynamic Links in the Firebase Console and click Get Started
- Enter a domain. Something like authenticationexample.page.link works. Note, this domain will likely be taken so adjust authenticationexample accordingly (ex: authenticationexample123). Either way, be sure to add the .page.link to complete the domain link!
- Now, copy the domain you created above and navigate in Xcode to the Signing & Capabilities tab of the app's main target. You will need to add the Associated Domains capability. If your project has automatically manage signing checked (also on this tab), you can add the Associated Domains capability by tapping the "+" button (also on that tab). If not, you will need to add this capability on the Apple Developer console and download the resulting provisioning profile before moving to the next steps. Please refer to the Firebase docs for more info.
- Once you have the Associated Domains capability enabled and have copied the domain you created on the Firebase Console, paste
applinks:[insert the domain you copied]
into the Associated Domains section on either Xcode or Apple developer console (depending on how you set up Associated Domains in the previous step)- Example:
applinks: authenticationexample.page.link
- Example:
- Now let's create the dynamic link that will be used in the Passwordless login flow. Return to the Dynamic Links tab on the Firebase Console. Click New Dynamic Link, then:
- Setup your short URL. Feel free to put whatever here, like "demo", "login, or "passwordless" for example. Click Next.
- For the Deep Link URL, configure the URL to look like:
https://[insert an authorized domain]/login?email=email
For the authorized domain ⬆, go to the the Authentication tab, then click the "Settings" tab, and select the "Authorized domains" section. Copy the domain that looks like
[the app's name].firebaseapp.com
. Paste this entire domain into the Deep Link we are creating above. You can also instead allowlist the dynamic links URL prefix and use that here as well.-
On step 3, Define link behavior for iOS, select Open the deep link in your iOS App and make sure your app is selected in the drop down.
-
Configure the following steps as you please and then hit Create!
-
Dynamic links use your app's bundle identifier as a url scheme by default. In Xcode, add a custom URL scheme for your bundle identifier.
-
Last todo! Navigate to
sendSignInLink()
inPasswordlessViewController.swift
. Within the method, there is astringURL
constant. Paste in the long deeplink you created from the steps above for theauthroizedDomain
property above the method. It should look something like:
let stringURL = "https://\(authorizedDomain)/login"
- Run the app on your device or simulator.
- Select Email Link/Passwordless. This will present a login screen where you can enter an email for the verification email to be sent to.
- Enter an email and tap Send Sign In Link. While keeping the current view controller displayed, switch to a mail app and wait to receive the verification email.
- Once the email has been received, open it and tap the sign in link. This will link back to the quickstart and finish the login flow.
See the Getting Started with Email Link/Passwordless Sign In guide for more details.
We will start by taking a look at PasswordlessViewController.swift
. If you are currently running the quickstart app, select the "Email Link/Passwordless" authentication option.
The user is prompted for an email to be used in the verification process. When the Send Sign In Link button is tapped, we configure our verification link by adding the user's email to the dynamic link we created earlier. Then we send a send the link to the user's email. You can edit the format of these verification emails on the Firebase Console.
When the user receives the verification email, they can open the link contained in the email to be redirected back to the app (using the power of Dynamic Links 😎. On apps using the SceneDelegate
API, opening the incoming dynamic link will be handled in UIWindowSceneDelegate
's func scene(_ scene: UIScene, continue userActivity: NSUserActivity)
method. This method can be implemented in SceneDelegate.swift
. Since the quickstart uses the SceneDelegate
API, you can check out the implementation here. We basically pass the incoming link to a helper method that will do a few things:
// SceneDelegate.swift
private func handleIncomingDynamicLink(_ incomingURL: URL) {
// Handle the potential `error`
let link = incomingURL.absoluteString
// Here, we check if our dynamic link is a sign-link (the one we emailed our user!)
if Auth.auth().isSignIn(withEmailLink: link) {
// Save the link as it will be used in the next step to complete login
UserDefaults.standard.set(link, forKey: "Link")
// Post a notification to the PasswordlessViewController to resume authentication
NotificationCenter.default.post(Notification(name: Notification.Name("PasswordlessEmailNotificationSuccess")))
}
}
If the incoming dynamic link is a sign-in link, then we post a notification that pretty much says: "Hey! A user just opened a verification dynamic link that we emailed them and we need to complete the authentication!"
This takes us back to our PasswordlessViewController.swift
, where we registered for this exact notification! When the notification is posted, we will receive it here and call the passwordlessSignIn()
method to complete the authentication. In this method, we used Firebase Auth's Auth.auth().signIn(withEmail: String, link: String)
which, behind the scenes, checks that this link was the link we originally sent to the associated email and if so, signs in the user! 🥳
When Firebase Auth uses Phone Number authentication, Auth will attempt to send a silent Apple Push Notification (APN) to the device to confirm that the phone number being used is associated with the device. If APNs (which, like Sign In with Apple, are a capability you can enable in Xcode or on the Apple Developer Console) are not enabled or configured correctly, Auth will instead present a web view with a reCAPTCHA verification flow.
Start by going to the Firebase Console and navigate to your project:
- Select the Auth panel and then click the Sign In Method tab.
- Click Phone and turn on the Enable switch, then click Save.
- Run the app on your device or simulator.
- Choose Phone Number to launch the Phone Number Authentication flow
- After entering a phone number, please wait roughly 5 seconds to allow Firebase Auth to present the necessary flow. See the official Firebase docs for phone authentication for more info!
Start by going to the Firebase Console and navigate to your project:
- Select the Auth panel and then click the Sign In Method tab.
- Click Anonymous and turn on the Enable switch, then click Save.
- Run the app on your device or simulator.
- Choose Anonymous Authentication to launch the Anonymous Sign In flow See the official Firebase docs for anonymous authentication for more info!
Firebase Auth can manage authentication for use cases that utilize a custom auth system. Ensure you have an authentication server capable of producing custom signed tokens. When a user signs in, make a request for a signed token from your authentication server.
After your server returns the token, pass that into Firebase Auth's signIn(withCustomtoken: String)
method to complete the authentication process. In the quickstart, you can demo signing in with tokens you generate. See CustomAuthViewController.swift
for more info.
If you wish to setup a custom auth system. The below steps can help in its configuration.
- In the Firebase Console, navigate to Project settings:
- Navigate to the Service accounts tab.
- Locate the section All service account, and click on the
X service accounts
link. This will take you to the Google Cloud Console.
- In the Google Cloud Console:
- Make sure the right Firebase project is selected.
- From the left "hamburger" menu navigate to the API Manager tab.
- Click on the Credentials item in the left column.
- Click New credentials and select Service account key. Select New service account, pick any name, and select JSON as the key type. Then click Create.
- You should now have a new JSON file for your service account in your Downloads directory.
- Open the file
web/auth.html
in your computer's web browser. Theauth.html
file can now be found in the current directory'sLegacyAuthQuickstart
subdirectory.- Click Choose File and upload the JSON file you just downloaded.
- Enter any User ID and click Generate.
- Copy the token link displayed.
- Run the app on your device or simulator.
- Select Custom Auth system
- Paste in the token you generated earlier.
- Pressing Login should then login the token's affiliated user.
Copyright 2020 Google LLC
Licensed to the Apache Software Foundation (ASF) under one or more contributor
license agreements. See the NOTICE file distributed with this work for
additional information regarding copyright ownership. The ASF licenses this
file to you under the Apache License, Version 2.0 (the "License"); you may not
use this file except in compliance with the License. You may obtain a copy of
the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations under
the License.