firebase-auth-basics
firebase/agent-skills
Set up Firebase Authentication for user sign-in, management, and secure data access.
What is firebase-auth-basics?
Firebase Authentication provides backend services and SDKs for authenticating users via email/password, federated providers (Google, Facebook, etc.), phone, anonymous, or custom auth. Use this skill when your app needs user sign-in, user management, or auth-based security rules for Firestore or Cloud Storage.
- Enable multiple identity providers (email/password, Google, Facebook, phone, anonymous, custom auth)
- Manage user properties (uid, email, displayName, photoURL, emailVerified)
- Issue and manage ID tokens (JWT) and refresh tokens for secure API access
- Configure auth via Firebase CLI or Console
- Integrate security rules using request.auth for Firestore and Cloud Storage
How to install firebase-auth-basics
npx skills add https://github.com/firebase/agent-skills --skill firebase-auth-basics- Firebase Project created via Firebase CLI
- Firebase CLI installed and logged in
How to use firebase-auth-basics
- 1.Create or select a Firebase Project using Firebase CLI
- 2.Configure auth providers in firebase.json (anonymous, emailPassword, googleSignIn) or enable via Firebase Console
- 3.Deploy auth configuration with npx -y firebase-tools@latest deploy --only auth
- 4.Integrate client SDK (Web, Flutter, or Android) following the appropriate reference guide
- 5.Implement security rules using request.auth to protect Firestore and Cloud Storage resources
Use cases
- Add Google Sign-In to a web or mobile app for secure user authentication
- Implement email/password registration and login flows
- Enable anonymous guest accounts that can be linked to permanent accounts later
- Protect Firestore collections and Cloud Storage buckets using auth-based security rules
- Support multiple sign-in methods (federated providers, phone, custom) in a single app
- Web developers building apps with user authentication
- Mobile developers (Flutter, Android/Kotlin) needing auth integration
- Backend engineers securing data with auth-based rules
- Full-stack teams implementing user management systems
firebase-auth-basics FAQ
Only Google Sign-In, anonymous auth, and email/password auth can be enabled via CLI. Other providers (Facebook, Twitter, GitHub, etc.) must be enabled through the Firebase Console.
Add your domain to the Authorized Domains list in the Firebase Console or via the authorizedDomains field in firebase.json. For local development, use localhost without protocol or port (e.g., localhost, NOT http://localhost:9090).
Yes. You must run npx -y firebase-tools@latest deploy --only auth to deploy the auth configuration to Firebase backend so providers like Google Sign-In can auto-generate necessary OAuth clients.
Firebase Auth provides an ID Token (JWT, short-lived, 1 hour) for identifying users and a Refresh Token (long-lived) for obtaining new ID tokens.
Use request.auth in Firestore and Cloud Storage security rules to restrict access based on user identity and properties.
Full instructions (SKILL.md)
Source of truth, from firebase/agent-skills.
name: firebase-auth-basics
description: Guide for setting up and using Firebase Authentication. Use this skill when the user's app requires user sign-in, user management, or secure data access using auth rules.
compatibility: This skill is best used with the Firebase CLI, but does not require it. Firebase CLI can be accessed through npx -y firebase-tools@latest.
Prerequisites
- Firebase Project: Created via
npx -y firebase-tools@latest projects:create(seefirebase-basics). - Firebase CLI: Installed and logged in (see
firebase-basics).
Core Concepts
Firebase Authentication provides backend services, easy-to-use SDKs, and ready-made UI libraries to authenticate users to your app.
Users
A user is an entity that can sign in to your app. Each user is identified by a
unique ID (uid) which is guaranteed to be unique across all providers. User
properties include:
uid: Unique identifier.email: User's email address (if available).displayName: User's display name (if available).photoURL: URL to user's photo (if available).emailVerified: Boolean indicating if the email is verified.
Identity Providers
Firebase Auth supports multiple ways to sign in:
- Email/Password: Basic email and password authentication.
- Federated Identity Providers: Google, Facebook, Twitter, GitHub, Microsoft, Apple, etc.
- Phone Number: SMS-based authentication.
- Anonymous: Temporary guest accounts that can be linked to permanent accounts later.
- Custom Auth: Integrate with your existing auth system.
Google Sign In is recommended as a good and secure default provider.
Tokens
When a user signs in, they receive an ID Token (JWT). This token is used to identify the user when making requests to Firebase services (Realtime Database, Cloud Storage, Firestore) or your own backend.
- ID Token: Short-lived (1 hour), verifies identity.
- Refresh Token: Long-lived, used to get new ID tokens.
Workflow
1. Provisioning
Option 1. Enabling Authentication via CLI
Only Google Sign In, anonymous auth, and email/password auth can be enabled via CLI. For other providers, use the Firebase Console.
Configure Firebase Authentication in firebase.json by adding an 'auth' block:
{
"auth": {
"providers": {
"anonymous": true,
"emailPassword": true,
"googleSignIn": {
"oAuthBrandDisplayName": "Your Brand Name",
"supportEmail": "support@example.com",
"authorizedRedirectUris": ["https://example.com", "http://localhost"]
}
}
}
}
[!NOTE] If the Google Sign-In popup opens and immediately closes with the error
[firebase_auth/unauthorized-domain], it means the domain is not authorized. For local development, ensurelocalhostis included in the Authorized Domains list in the Firebase Console or via theauthorizedDomainsfield infirebase.json. CRITICAL: Do NOT include the protocol or port number in the Authorized Domains list (e.g., uselocalhost, NOThttp://localhost:9090).
CRITICAL: After configuring firebase.json, you MUST deploy the auth
configuration to the Firebase backend for the changes to take effect. This is
essential for auth providers like Google Sign-In, email/password, etc. to
auto-generate the necessary OAuth clients for your app platforms. Run:
npx -y firebase-tools@latest deploy --only auth
Option 2. Enabling Authentication in Console
Enable other providers in the Firebase Console.
- Go to the https://console.firebase.google.com/project/_/authentication/providers
- Select your project.
- Enable the desired Sign-in providers (e.g., Email/Password, Google).
2. Client Setup & Usage
Web See references/client_sdk_web.md.
Flutter See references/flutter_setup.md. Android (Kotlin) See references/client_sdk_android.md.
3. Security Rules
Secure your data using request.auth in Firestore/Storage rules.
Related skills
More from firebase/agent-skills and the wider catalog.
firebase-basics
Firebase CLI setup, authentication, and project management for agent workflows
firebase-hosting-basics
Deploy static web apps, SPAs, and microservices to Firebase Hosting with a single command.
firebase-app-hosting-basics
Deploy full-stack Next.js and Angular apps with Firebase App Hosting.
firebase-data-connect
Build and deploy PostgreSQL-backed Firebase backends with GraphQL, auto-generated queries, and type-safe SDKs.
developing-genkit-js
Develop AI-powered applications using Genkit in Node.js/TypeScript with flows, tools, and multi-provider support.
developing-genkit-dart
Generates code and documentation for building AI agents in Dart using the Genkit SDK.