Some Firebase Android SDKs depend on Google Play services, which means they will only run on devices and emulators with Google Play services installed. These Firebase SDKs communicate with the Google Play services background service on the device to provide a secure, up-to-date, and lightweight API to your app.
Certain Android devices do not have Google Play services installed. Previously, this meant developers had to make use of work-arounds to be able to be able to use these Firebase SDKs on such devices.
Today, we are pleased to announce that as of version 20.0.0 of the Firebase Authentication Android SDK (which is included in version 26.0.0 of the Firebase Android BoM), Firebase Authentication no longer depends on Google Play services. This means it is now easy to securely access Firebase products like Cloud Firestore, Realtime Database, and Cloud Storage from any Android device.
Firebase handles all of this behind the scenes, so you won't have to make any changes to your code base. All you have to do is to update your Gradle dependencies to the latest version (26.0.0) of the Firebase Android BoM, recompile, and you're good to go.
dependencies { // ... // Import the Firebase BoM implementation platform('com.google.firebase:firebase-bom:26.0.0') // When using the BoM, you don't specify versions in Firebase library dependencies // For example, declare the dependencies for Firebase Authentication and Cloud Firestore implementation 'com.google.firebase:firebase-auth' implementation 'com.google.firebase:firebase-firestore' }
In case you've used a workaround to be able to use Firebase Auth on non-GMS devices, you can now remove this workaround from your app.
In order to remove the dependency on Google Play services without compromising security, the new version of the Firebase Authentication SDK for Android made some changes to Phone Number Authentication. In particular, Firebase must be able to verify that phone number sign-in requests are coming from your app. On devices with Google Play services installed, Firebase will use Android SafetyNet to establish the device as legitimate. If your app makes use of Phone Number Authentication, you should enable the SafetyNet API. In the event that SafetyNet cannot be used (for example, on devices without Google Play services), Firebase will use reCAPTCHA verification to complete the phone sign-in flow.
It is worth noting that the reCAPTCHA flow will only be triggered when SafetyNet is not available or the user's device doesn't pass suspicion checks. Nonetheless, you should ensure that both scenarios are working correctly. For example, you can call FirebaseAuth.getInstance().getFirebaseAuthSettings().forceRecaptchaFlowForTesting(); in your tests to force the reCAPTCHA flow. For more detail about testing, refer to the documentation, which goes into much more detail.
FirebaseAuth.getInstance().getFirebaseAuthSettings().forceRecaptchaFlowForTesting();
For a complete list of Firebase SDKs that require Google Play services, refer to this overview.
If you have feedback or want to contribute, you can find us on GitHub.
Firebase Authentication provides an end-to-end identity solution for your applications, which allows you to authenticate and verify users with passwords, phone numbers and popular federated identity providers such as Google, Facebook, Twitter, and Microsoft.
Today, we are pleased to announce beta support for Sign in with Apple in Firebase Authentication. Sign in with Apple allows your users to sign in to your applications and websites using their Apple ID.
Firebase also provides FirebaseUI, a customizable drop-in authentication UI that allows developers to easily implement a variety of authentication flows using any of the authentication services supported by Firebase, including Sign in with Apple.
Support for Sign in with Apple is available in beta now, and can be integrated in your applications using the latest versions of the Firebase SDKs for iOS, Android, and the web.
Here at Firebase, we want to make sure you and your users don't ever need to think about the dark underbelly of securing identities and managing users. That's why we're here! We've been hard at work making Firebase Authentication even better, and today I'd love to take you through some of the new functionality we've delivered in an effort to make registering and signing in users even easier.
We've heard loud and clear that our existing mail relay service wasn't providing the high standards you expect from Firebase. Over the last few months, we've not only rolled out the ability to configure your own custom SMTP server, but we've been working incredibly hard to move to a new, highly performant mail service, powered by Google. For more than 99% of Firebase Auth projects, we've performed this migration behind the scenes. Feedback so far has been resoundingly positive and we've heard from a lot of you that this has offered much-needed performance improvements. For our customers that have not yet made the move, we're excited to get you onto the new platform! You have received instructions on a manual verification step that needs to be taken, but if you're having any issues, please don't hesitate to reach out to support.
With this new functionality, your users will be able to seamlessly authenticate to your app simply by clicking a link in their email. No need to remember complex passwords or another set of credentials. We've worked really hard to ensure that users will continue to have the same level of security with an even better authentication experience, and we're excited to finally get this into the hands of our developers. I for one am glad to have one less password to remember!
This functionality is available now for Android, iOS and Web.
Using the Admin SDK, we've had the ability to add and evaluate custom claims in ID tokens for quite some time, as well as providing other useful claims in the ID token payload, such as expiration and issued-at time. We heard from many developers out there that you wanted to customize user experience on the client based on these claim values. Some interesting use-cases are around customizing look and feel based on a specific role or permission or showing additional features to administrators/managers. With that in mind, we've extended the flexibility of custom claims to enable you to consume these values directly from your client app.
We're excited about this change, but want to be sure we reiterate some of our best practices for custom claims:
Traditionally, Firebase Authentication sessions have lived on the client side with a short-lived authentication token (1 hour) and refresh token that was available indefinitely. Many of you out there have told us that you wanted far more granularity and control server-side as to how long a user's session could last. We heard your calls and want to ensure that you never have to go through the trouble of spinning up servers, databases and cryptography systems to roll your own session management system, so we've released this set of new controls directly inside of Firebase Authentication.
With this release, we introduce the capability to issue JWT-based session cookies from the Firebase Admin SDK. This will allow you to create session cookies with custom expiration times ranging from 5 minutes to 2 weeks and still retain all the benefits of custom claims client-side to provide logic and customization to your application.
We've got more details as well as samples of our session management capabilities available in our Admin SDK docs.
The Firebase Authentication team will be at I/O 2018, and we'd love to see you there! We're hosting Authentication Office Hours during the event, and the team will be there to take your questions, discuss some of our awesome new features, or even just to say hi. Look for more details closer to the event. We look forward to seeing you there.
final FirebaseUser user = mAuth.getCurrentUser(); user.sendEmailVerification() .addOnCompleteListener(this, new OnCompleteListener() { @Override public void onComplete(@NonNull Task task) { // Re-enable button findViewById(R.id.verify_email_button).setEnabled(true); if (task.isSuccessful()) { Toast.makeText(EmailPasswordActivity.this, "Verification email sent to " + user.getEmail(), Toast.LENGTH_SHORT).show(); } else { Log.e(TAG, "sendEmailVerification", task.getException()); Toast.makeText(EmailPasswordActivity.this, "Failed to send verification email.", Toast.LENGTH_SHORT).show(); } } });
mAuth.getCurrentUser()
sendEmailVerification()
user.isEmailVerified()
mStatusTextView.setText(getString(R.string.emailpassword_status_fmt, user.getEmail(), user.isEmailVerified()));
.getCurrentUser().reload()
<!DOCTYPE html> < html lang="en"> < head> < title>EasyAuth</title> <meta charset="UTF-8"> </head> <!-- Below is the initialization snippet for my Firebase project. It will vary for each project --> <script src="https://www.gstatic.com/firebasejs/3.6.4/firebase.js"></script> <script> // Initialize Firebase var config = { apiKey: "AIzaSyAPtNmUso5tA8d83vaJlgDHA_4C7HEgYNY", authDomain: "authui-6818f.firebaseapp.com", databaseURL: "https://authui-6818f.firebaseio.com", storageBucket: "authui-6818f.appspot.com", messagingSenderId: "596916061379" }; firebase.initializeApp(config); </script> <!-- The code below initializes the sign-in widget from FirebaseUI web. --> <script src="https://cdn.firebase.com/libs/firebaseui/1.0.0/firebaseui.js"></script> <link type="text/css" rel="stylesheet" href="https://cdn.firebase.com/libs/firebaseui/1.0.0/firebaseui.css" /> <script type="text/javascript"> var uiConfig = { signInSuccessUrl: 'loggedIn.html', signInOptions: [ // Specify providers you want to offer your users. firebase.auth.GoogleAuthProvider.PROVIDER_ID, firebase.auth.EmailAuthProvider.PROVIDER_ID ], // Terms of service url can be specified and will show up in the widget. tosUrl: '<your-tos-url>' }; // Initialize the FirebaseUI Widget using Firebase. var ui = new firebaseui.auth.AuthUI(firebase.auth()); // The start method will wait until the DOM is loaded. ui.start('#firebaseui-auth-container', uiConfig); </script> <!-- Include a simple background image & and title --> <div></div> <body> <h1 align="center" style="color:white;">Firebase Auth Quickstart Demo</h1> <div id="firebaseui-auth-container"></div> </body> </html>
<!DOCTYPE html> <html lang="en"> <head> <title>EasyAuth</title> <meta charset="UTF-8"> </head> <!-- Below is the initialization snippet for my Firebase project. It will vary for each project --> <script src="https://www.gstatic.com/firebasejs/3.6.4/firebase.js"></script> <script> // Initialize Firebase var config = { apiKey: "AIzaSyAPtNmUso5tA8d83vaJlgDHA_4C7HEgYNY", authDomain: "authui-6818f.firebaseapp.com", databaseURL: "https://authui-6818f.firebaseio.com", storageBucket: "authui-6818f.appspot.com", messagingSenderId: "596916061379" }; firebase.initializeApp(config); </script> <body> <!-- A simple example script to add text to the page that displays the user's Display Name and Email --> <script> // Track the UID of the current user. var currentUid = null; firebase.auth().onAuthStateChanged(function(user) { // onAuthStateChanged listener triggers every time the user ID token changes. // This could happen when a new user signs in or signs out. // It could also happen when the current user ID token expires and is refreshed. if (user && user.uid != currentUid) { // Update the UI when a new user signs in. // Otherwise ignore if this is a token refresh. // Update the current user UID. currentUid = user.uid; document.body.innerHTML = '<h1> Congrats ' + user.displayName + ', you are done! </h1> <h2> Now get back to what you love building. </h2> <h2> Need to verify your email address or reset your password? Firebase can handle all of that for you using the email you provided: ' + user.email + '. <h/2>'; } else { // Sign out operation. Reset the current user UID. currentUid = null; console.log("no user signed in"); } }); </script> <h1>Congrats you're done! Now get back to what you love building.</h1> </html>
With Firebase, we've been working towards a world where developers don't have to deal with managing servers and can instead build web and mobile apps with only client-side code. However, there are times when you really do need to spin up your own server. For example, you may want to integrate with a third-party API (such as an email or SMS service), complete a computationally expensive task, or have a need for a trusted actor. We want to make your experience on this part of your stack as simple as it is on the front-end. Towards that aim, we announced the Firebase Admin SDKs for Node.js and Java at the Firebase Dev Summit in Berlin earlier this week.
What are the Admin SDKs?
The Firebase Admin SDKs provide developers with programmatic, second-party access to Firebase services from server environments. Second-party here refers to the fact that the SDKs are granted elevated permissions that allow them to do more than a normal, untrusted client device can. The Admin SDKs get these elevated permissions since they are authenticated with a service account, a special Google account that can be used by applications to access Google services programmatically. The Admin SDKs are meant to complement the existing Firebase web and mobile clients which provide third-party, end-user access to Firebase services on client devices.
Some of this may sound familiar for those of you who have used the existing Firebase Node.js and Java SDKs. The difference is that we have now split the second-party (aka "admin") and third-party (aka "end-user") access use cases into separate SDKs instead of conflating them together. This should make it easier for beginners and experts alike to know which SDK to use and which documentation to follow. It also allows us to tailor the Admin SDKs towards server-specific use cases. A great example of this is the new user management auth API which we will go into in the next section.
What can the Admin SDKs do?
The Admin SDKs for Node.js and Java offer the following admin capabilities that already existed in the prior server SDKs:
In addition, the Node.js SDK brings some exciting new functionality:
How can I get started with the Admin SDKs?
The best place to start is with our Admin SDKs setup guide. The guide will walk you through how to download the SDK, generate a service account key file, and use that key file to initialize the Admin SDK. Thanks to our new Service Accounts panel in your Firebase Console settings, generating service account keys should be a breeze.
What's next for the Admin SDKs?
This is really just the beginning for the Admin SDKs. We plan to expand the Admin SDKs across two dimensions. Firstly, we want to provide Admin SDKs in more programming languages, allowing you to write code in the language you feel most comfortable. Secondly, we plan to integrate with more Firebase services, including adding support for services like Firebase Cloud Messaging and bringing the new user management API to Java.
Would you like us to build an Admin SDK in a particular language? Do you want the Admin SDKs to support a certain Firebase service or feature? Let us know in the comments below or by sending us a note through our feature request support channel.
We are excited to expand our first-class support for backend developers in the Firebase ecosystem. Stay tuned for more to come in the future!
For most developers, building an authentication system for your app can feel a lot like paying taxes. They are both relatively hard to understand tasks that you have no choice but doing, and could have big consequences if you get them wrong. No one ever started a company to pay taxes and no one ever built an app just so they could create a great login system. They just seem to be inescapable costs.
But now, you can at least free yourself from the auth tax. With Firebase Authentication, you can outsource your entire authentication system to Firebase so that you can concentrate on building great features for your app. Firebase Authentication makes it easier to get your users signed-in without having to understand the complexities behind implementing your own authentication system. It offers a straightforward getting started experience, optional UX components designed to minimize user friction, and is built on open standards and backed by Google infrastructure.
Implementing Firebase Authentication is relatively fast and easy. From the Firebase console, just choose from the popular login methods that you want to offer (like Facebook, Google, Twitter and email/password) and then add the Firebase SDK to your app. Your app will then be able to connect securely with the real time database, Firebase storage or to your own custom back end. If you have an auth system already, you can use Firebase Authentication as a bridge to other Firebase features.
Firebase Authentication also includes an open source UI library that streamlines building the many auth flows required to give your users a good experience. Password resets, account linking, and login hints that reduce the cognitive load around multiple login choices - they are all pre-built with Firebase Authentication UI. These flows are based on years of UX research optimizing the sign-in and sign-up journeys on Google, Youtube and Android. It includes Smart Lock for Passwords on Android, which has led to significant improvements in sign-in conversion for many apps. And because Firebase UI is open source, the interface is fully customizable so it feels like a completely natural part of your app. If you prefer, you are also free to create your own UI from scratch using our client APIs.
And Firebase Authentication is built around openness and security. It leverages OAuth 2.0 and OpenID Connect, industry standards designed for security, interoperability, and portability. Members of the Firebase Authentication team helped design these protocols and used their expertise to weave in latest security practices like ID tokens, revocable sessions, and native app anti-spoofing measures to make your app easier to use and avoid many common security problems. And code is independently reviewed by the Google Security team and the service is protected in Google’s infrastructure.
Fabulous uses Firebase Authentication to power their login system. Fabulous is a research-based app incubated in Duke University’s Center for Advanced Hindsight. Its goal is to help users to embark on a journey to reset poor habits, replacing them with healthy rituals, with the ultimate goal of improving health and well-being.
The developers of Fabulous wanted to implement an onboarding flow that was easy to use, required minimal updates, and reduced friction with the end user. They wanted an anonymous option so that users could experiment with it before signing up. They also wanted to support multiple login types, and have an option where the user sign-in flow was consistent with the look and feel of the app.
“I was able to implement auth in a single afternoon. I remember that I spent weeks before creating my own solution that I had to update each time the providers changed their API” - Amine Laadhari, Fabulous CTO.
Chu-Day is an application (available on Android and iOS) that helps couples to never forget the dates that matter most to them. It was created by the Korean firm Malang Studio, that develops character-centric, gamified lifestyle applications.
Generally, countdown and anniversary apps do not require users to sign-in, but Malang Studio wanted to make Chu-day special, and differentiate it from others by offering the ability to connect couples so they could jointly countdown to a special anniversary date. This required a sign-in feature, and in order to prevent users from dropping out, Chu-day needed to make the sign-in process seamless.
Malang Studio was able to integrate an onboarding flow in for their apps, using Facebook and Google Sign-in, in one day, without having to worry about server deployment or databases. In addition, Malang Studio has also been taking advantage of the Firebase User Management Console, which helped them develop and test their sign-in implementation as well as manage their users:
“Firebase Authentication required minimum configuration so implementing social account signup was easy and fast. User management feature provided in the console was excellent and we could easily implement our user auth system.” - Marc Yeongho Kim, CEO / Founder from Malang Studio
For more about Firebase Authentication, visit the developers site and watch our I/O 2016 session, “Best practices for a great sign-in experience.”
