Firebase User Authentication

PreviousTable of ContentsNext
Getting Started with FirebaseEmail/Password Authentication using FirebaseUI Auth



Many apps and web services need to provide some form of authentication system in order to identify users, control access to premium content and to protect user data. Without some way to identify one user from another it would also be impossible for the app to know which data and settings belong to which user.

Authentication options can range from requiring an email address and a password to allowing users to sign in using credentials from third-party platforms such as Facebook, Google and Twitter.

Regardless of the motivations for adding user authentication to an app, developers often find that implementation is much more complex than it seems on the surface. Not only must authentication be performed securely and reliably, it must also allow for users to change their account settings, provide support for forgotten passwords and integrate with a range of vastly different third-party authentication APIs. Databases have to be implemented and stored securely and an administration interface developed for manually adding, editing and deleting users.

Fortunately there is an easier option than building all of this infrastructure. All of these requirements can be met with minimal effort by using Firebase Authentication.

An Overview of Firebase Authentication

Firebase authentication provides a way to add user account creation and sign in capabilities to an app with a minimal amount of coding. Once a user has been authenticated with Firebase, the user is assigned a unique Firebase user ID which can be used when integrating other Firebase services such as data storage and cloud messaging.

Firebase uses the concept of authentication providers to facilitate the identification and registration of users. The list of supported Firebase authentication providers currently consists of Google, Facebook, Twitter, GitHub, phone number and email/password authentication. Firebase also provides support for users to sign in anonymously with a temporary account and then subsequently link that account to an authentication provider-based account.

In addition to integrating with the supported authentication providers, Firebase also supports integration with custom authentication systems.

Firebase supports all of the standard authentication features such as handling forgotten passwords and managing user accounts and profiles both programmatically and through the Firebase console.

Two forms of Firebase authentication are available, one involving the use of FirebaseUI Auth and the other a lower level approach using the Firebase SDK. In practice, these involve the use of the following collection of Firebase authentication classes.

FirebaseAuth Instance

Much of the Firebase SDK authentication process involves the use of the FirebaseAuth shared instance. Once a reference to this object has been obtained, it can be used to perform a range of tasks such as creating accounts, signing users in and out and accessing or updating information relating to the current user.

A key function of the FirebaseAuth instance is the authentication state listener (AuthStateListener). When added to the FirebaseAuth instance, it is via this listener that the app receives notification of any changes to the user's authentication status.

Though useful for obtaining user information when using FirebaseUI Auth, the FirebaseAuth instance is primarily used in conjunction with the Firebase SDK approach to authentication.


AuthUI Instance

The AuthUI instance is used extensively in the FirebaseUI Auth authentication process. The class contains a range of methods including a sign-in intent builder and a sign out method. The intent builder method is called to create and configure an Intent object that is then used to launch the FirebaseUI authentication activity. This activity is responsible for all aspects of the user account creation and sign-in process. Configuration options available when using the builder method include changes to the color theme of the sign-in user interface, a logo for branding purposes and a list of the authentication providers that are to be offered as sign-in options to the user.

FirebaseUser Class

The FirebaseUser class is used to encapsulate the profile information for the currently authenticated user. An object of this type is returned, for example, when a call is made to the getCurrentUser() method of the FirebaseAuth instance. The data stored in the object will vary depending on which authentication provider is currently being used, but typically includes information such as the user's display name, email address, a URL to a profile photo and the ID of the authentication provider used to sign into the app. Methods are also included for performing tasks such as updating the user's profile information, verifying the user's email address, accessing the user's Firebase user ID and deleting the user's account.

AuthCredential Classes

The AuthCredential class is used to encapsulate user account credentials in a way that is compatible with Firebase. This class is used when exchanging a token from a third-party authentication provider for the credentials of a Firebase account. When a user signs in using the authentication provider for a third-party platform such as Facebook or Twitter, for example, the app is provided with a user token for that platform. Once obtained, this token needs to be passed to Firebase where it is used to create a Firebase account for the user. Before this can take place, however, the third-party provider token must be converted to an AuthCredential object by making a call to the getCredential() method of the corresponding authentication provider class. For each authentication provider there is a corresponding AuthCredential subclass:

• EmailAuthCredential

• PhoneAuthCredential

• FacebookAuthCredential

• GithubAuthCredential

• GoogleAuthCredential

• TwitterAuthCredential

Authentication Provider Classes

Each of the authentication providers has its own class that is used during the authentication process (specifically to create an AuthCredential object as outlined above). Firebase currently includes the following authentication provider classes:

• EmailAuthProvider

• PhoneAuthProvider

• FacebookAuthProvider

• GithubAuthProvider

• GoogleAuthProvider

• TwitterAuthProvider

FirebaseUI Auth Authentication

Of the two Firebase authentication options (namely FirebaseUI Auth and Firebase SDK), FirebaseUI Auth requires by far the least time and programming effort to integrate. In fact, configuring an Android Studio project to support Firebase authentication typically takes longer than writing the actual code to implement FirebaseUI authentication.

FirebaseUI Auth provides everything necessary to implement user authentication including all of the user interface screens that take the user through the account creation and sign-in process. User authentication can be integrated into an app using FirebaseUI Auth by following a few simple steps:

1. Enable the required authentication providers in the Firebase console.

2. Register the app with the third-party authentication providers for which support is required (Google, Facebook, Twitter and GitHub).

3. Add the FirebaseUI Auth libraries to the Android Studio project.

4. Obtain a reference to the shared FirebaseAuth instance.

5. Use the AuthUI class to configure and build the FirebaseUI authentication intent.

6. Use the intent to launch the FirebaseUI Auth activity.

7. Handle the results returned by the activity.

Each of these steps will be covered in later chapters, beginning with the next chapter entitled Email/Password Authentication using FirebaseUI Auth.

Firebase SDK Authentication

Although integrating authentication using the Firebase SDK is more time consuming, it does have the advantage of flexibility. Unlike FirebaseUI Auth, the Firebase SDK provides full control over the look, feel and behavior of the authentication process (with the exception of any authentication screens presented by third-party authentication providers). In basic terms, Firebase SDK authentication is implemented using the following steps:

1. Enable the required authentication providers in the Firebase console.

2. Register the app with the third-party authentication providers for which support is required (Google, Facebook, Twitter and GitHub).

3. Add the Firebase SDK libraries to the Android Studio project.

4. Obtain a reference to the shared FirebaseAuth instance.

5. Implement and add an AuthStateListener instance to the FirebaseAuth instance and write callback methods.

6. Design the user interface layout for the sign-in screen including options for forgotten passwords.

7. Implement code to handle the account creation, sign-in, sign-out and password reset operations, including adaptations for each of the authentication providers to be supported.

8. Exchange tokens from third-party authentication providers for equivalent Firebase credentials.

9. Handle authentication results within the callback of the AuthStateListener instance.

Beginning with the chapter entitled Email/Password Authentication using the Firebase SDK, details on how to perform the above tasks will be covered for the more widely used authentication providers.

Summary

User authentication is vital both for controlling access to app content and features and protecting user data. Firebase Authentication allows user authentication to be added to an Android app with a minimum amount of time and effort with support for account management and built-in support for a range of popular third-party authentication providers including Google, Twitter and Facebook.

Authentication can be implemented using either FirebaseUI Auth, or the Firebase SDK. FirebaseUI Auth provides a quick and easy way to integrate authentication with minimal effort, while the Firebase SDK approach requires more work but provides greater flexibility.




PreviousTable of ContentsNext
Getting Started with FirebaseEmail/Password Authentication using FirebaseUI Auth