Firebase Authentication provides an end-to-end identity solution for your applications, which allows you to authenticate and verify users with passwords, phone numbers and popular federated identity providers such as Google, Facebook, Twitter, and Microsoft.
Today, we are pleased to announce beta support for Sign in with Apple in Firebase Authentication. Sign in with Apple allows your users to sign in to your applications and websites using their Apple ID.
Firebase also provides FirebaseUI, a customizable drop-in authentication UI that allows developers to easily implement a variety of authentication flows using any of the authentication services supported by Firebase, including Sign in with Apple.
Support for Sign in with Apple is available in beta now, and can be integrated in your applications using the latest versions of the Firebase SDKs for iOS, Android, and the web.
Firebase Auth client SDKs make it possible to sign in as a Firebase user from federated identity providers, including Google, Facebook, and Twitter. The Firebase Auth team is always looking for opportunities to improve the auth experience for developers and users. We know that more sign-in options mean more opportunities to create the best app experience. That's why we are pleased to announce that you can now sign in to Firebase Auth using Microsoft and Yahoo!
Firebase Auth has added two new federated identity providers! Today, Microsoft and Yahoo join our growing list of providers. Applications that rely on these providers no longer have to handle custom credentials on the backend. With this simplified auth flow, developers can spend less time on implementing authentication and more time to spend on the core features of your application. Developers who implement Microsoft or Yahoo sign in for Firebase Auth will also get the benefit of a new, simpler way to get the provider credentials.
Signing in to Firebase with a given identity provider requires garnering a credential from that provider. This often involves including the provider's SDK and implementing the provider's sign-in methods before passing the credentials to Firebase Auth. For some providers, this can be particularly difficult on a native client, especially ones which do not support their own native SDKs. In order to remove the headache of implementing sign-in flows for these identity providers, we now offer generic OAuth2 provider sign-in.
Generic identity provider sign-in provides an easy means for developers to get that credential and use it to sign in by popping up a ChromeCustomTab on Android or a SafariViewController on iOS which will use the Web flow to generate the Identity Provider Credential, and then continue the sign in. Generic sign-in gives you many benefits:
Generic sign-in is available for Microsoft and Yahoo, and will be a feature of other identity providers in the future.
Ready to get started with Microsoft and Yahoo sign-in for Firebase Auth? Check out the guides linked below:
Microsoft Authentication for iOS
Microsoft Authentication for Android
Microsoft Authentication for Web
Yahoo Authentication for iOS
Yahoo Authentication for Android
Yahoo Authentication for Web
Quickstart for iOS
Quickstart for Android
Quickstart for Web
Here at Firebase, we want to make sure you and your users don't ever need to think about the dark underbelly of securing identities and managing users. That's why we're here! We've been hard at work making Firebase Authentication even better, and today I'd love to take you through some of the new functionality we've delivered in an effort to make registering and signing in users even easier.
We've heard loud and clear that our existing mail relay service wasn't providing the high standards you expect from Firebase. Over the last few months, we've not only rolled out the ability to configure your own custom SMTP server, but we've been working incredibly hard to move to a new, highly performant mail service, powered by Google. For more than 99% of Firebase Auth projects, we've performed this migration behind the scenes. Feedback so far has been resoundingly positive and we've heard from a lot of you that this has offered much-needed performance improvements. For our customers that have not yet made the move, we're excited to get you onto the new platform! You have received instructions on a manual verification step that needs to be taken, but if you're having any issues, please don't hesitate to reach out to support.
With this new functionality, your users will be able to seamlessly authenticate to your app simply by clicking a link in their email. No need to remember complex passwords or another set of credentials. We've worked really hard to ensure that users will continue to have the same level of security with an even better authentication experience, and we're excited to finally get this into the hands of our developers. I for one am glad to have one less password to remember!
This functionality is available now for Android, iOS and Web.
Using the Admin SDK, we've had the ability to add and evaluate custom claims in ID tokens for quite some time, as well as providing other useful claims in the ID token payload, such as expiration and issued-at time. We heard from many developers out there that you wanted to customize user experience on the client based on these claim values. Some interesting use-cases are around customizing look and feel based on a specific role or permission or showing additional features to administrators/managers. With that in mind, we've extended the flexibility of custom claims to enable you to consume these values directly from your client app.
We're excited about this change, but want to be sure we reiterate some of our best practices for custom claims:
Traditionally, Firebase Authentication sessions have lived on the client side with a short-lived authentication token (1 hour) and refresh token that was available indefinitely. Many of you out there have told us that you wanted far more granularity and control server-side as to how long a user's session could last. We heard your calls and want to ensure that you never have to go through the trouble of spinning up servers, databases and cryptography systems to roll your own session management system, so we've released this set of new controls directly inside of Firebase Authentication.
With this release, we introduce the capability to issue JWT-based session cookies from the Firebase Admin SDK. This will allow you to create session cookies with custom expiration times ranging from 5 minutes to 2 weeks and still retain all the benefits of custom claims client-side to provide logic and customization to your application.
We've got more details as well as samples of our session management capabilities available in our Admin SDK docs.
The Firebase Authentication team will be at I/O 2018, and we'd love to see you there! We're hosting Authentication Office Hours during the event, and the team will be there to take your questions, discuss some of our awesome new features, or even just to say hi. Look for more details closer to the event. We look forward to seeing you there.
MightySignal, a mobile intelligence startup based out of San Francisco, just published a new report examining the fastest growing Android SDKs of 2017. This fascinating report sheds light on which app development tools are taking off and what trends they signal for the year ahead. We're humbled and excited to see that 8 out of the top 20 fastest growing SDKs are part of Firebase!
This positive reception from the community validates and fuels our commitment to helping developers succeed. It also motivates us to continue making Firebase even better. Over the past year, we've made numerous improvements to our SDKs, including the ones highlighted in MightySignal's report.
Source: MightySignal's 2017 report on the fastest growing SDKs
For example, Firebase Realtime Database is number three on MightySignal's list, and it continues to be one of our most used and trusted products. We understand how important storing and syncing data is for your mobile business, and to further help you with this, we introduced another database product this year. If you're a Realtime Database customer, we think you'll love Cloud Firestore, our latest realtime, scalable NoSQL database that we built in collaboration with the Google Cloud Platform team. It allows you to sync and store data like Realtime Database, while also addressing its key limitations like data structuring, querying, and scaling. Cloud Firestore is available in beta today!
Another notable mention is Firebase Remote Config. Remote Config gives you the power to customize your app's interface and behavior for different audiences so you can deliver personalized app experiences without requiring users to update their apps. Now, Remote Config can be used with Firebase Predictions' dynamic user groups. This means you can change the look and feel of your app for users based on their predicted behavior (such as churn or in-app purchase). Wondering how this works? Learn how Halfbrick Studios grew their 7-day retention rate from 25% to 30% by combining Predictions with Remote Config.
And that's not all that's new with Remote Config! In the past, Remote Config allowed you to perform simple A/B testing, but now, we've gone ahead and added an entirely new experiment layer in Firebase that works wonderfully with Remote Config so you can set up, run, and measure sophisticated A/B tests.
We were also delighted to see that Firebase Auth and Firebase Crash Reporting are experiencing high growth as well, according to MightySignal's findings. After welcoming the Fabric team to Firebase, we worked together to add new features to Auth (such as phone number authentication), which we unveiled in June. More recently, we launched a beta version of Firebase Crashlytics, a powerful realtime crash reporting tool that will help you track, prioritize, and fix issues that erode app stability. Firebase Crashlytics is now our primary crash reporter. If you want to learn more about how app stability can lead to growth in user engagement and retention, check out how Doodle used Crashlytics to grow user engagement by 42%.
MightySignal's data on the fastest growing SDKs is available here. We're very thankful to be part of the developer community and committed to helping you build better apps and grow your business. Stay tuned for more product updates next year and, in the meantime, happy building!
When Firebase was first released, it came with a number of authentication schemes:
You could build an app for email & password authentication (iOS, Android, Web), where the user provides you with basic details -- and Firebase would manage signing in using those as their identity. You could also build using federated identity where, instead of signing up for your app, users could simply sign in using credentials provided by third parties such as Google, Facebook, Twitter or GitHub, or anonymous authentication where you could apply security rules to people who haven't yet signed up.
One type of authentication that was requested by a number of developers was the ability to sign in using a phone number. With that in mind, we're delighted to announce that Firebase Auth now supports phone number authentication. If you're currently using the Digits SDK for phone number auth, check out the announcement here for details on the migration to Firebase Auth.
Here's how Firebase Phone Auth works.
Here's an example of an app that supports phone auth as well as federated identity via Google and Facebook, and basic email/password authentication.
It has been built using FirebaseUI, so many of the flows that you see in this article are automatically implemented for you when you integrate it.
As you can see at the bottom of the screen, there's a 'Sign in with Phone' option.
Let's take a look at what happens when the user taps that.
When the user first taps the Sign In with Phone button, they’ll enter the phone number for the device. When they press ‘Verify’, the number will be sent to Firebase, which will generate a 6-digit code that is sent via SMS to their device.
If the user enters the correct code, Firebase will validate them and add them as a recognized user. They’ll then stay signed in for future sessions.
You’ll see them as a verified user in the Firebase Console:
You can learn more about Firebase Authentication on the Firebase Developers Site.
Firebase UI is an Open Source library that lets you quickly get up and running with best-practice sign in and sign up flows. Phone Auth with Firebase UI is presently available on iOS and the Web, and coming soon to Android.
We're continuing to grow and build Firebase and Firebase Authentication, and we'd love to hear your feedback, so please reach out to us at firebase.google.com/support.
