User authentication is one of the most important parts of any mobile app. With Firebase Authentication, Flutter developers get a powerful, secure, and easy-to-implement way to manage user logins. It supports various sign-in methods like Email/Password, Google, Facebook, and Phone — all with minimal configuration.
In this complete step-by-step guide, we’ll walk through how to set up Firebase Authentication in Flutter using three popular methods: Email & Password, Google Sign-In, and Phone Verification. You’ll also find ready-to-use code examples and helpful tips to make your authentication flow seamless and secure.
By the end of this guide, you’ll have a working authentication system ready to plug into your Flutter project.
Overview
Firebase Authentication is part of Google’s Firebase platform, providing developers with an easy way to manage user accounts. It offers:
- A secure and scalable backend for authentication
- Optional prebuilt UI components
- Support for multiple sign-in providers
- Real-time tracking of authentication state
Why Use Firebase Authentication?
- Security first: Firebase takes care of token validation, password hashing, and data protection for you.
- Fast setup: You can implement authentication in minutes without writing backend code.
- Flexible login options: Choose from Email, Google, Apple, Facebook, Phone, and more.
- Cross-platform support: Works smoothly across Android, iOS, and Web using Flutter.
Step-by-Step Integration
1. Set Up a Firebase Project
- Go to the Firebase Console and create a new project.
- Under “Authentication,” enable Email/Password, Google, and Phone sign-in providers.
- For Android, download the google-services.json file and place it in android/app/.
- For iOS, download the GoogleService-Info.plist file and add it to your Runner project.
2. Add Firebase Dependencies
```yaml
dependencies:
  flutter:
    sdk: flutter
  firebase_core: ^3.0.0
  firebase_auth: ^5.0.0
  google_sign_in: ^6.0.0
```
3. Initialize Firebase
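```dart
import 'package:firebase_core/firebase_core.dart';
import 'package:flutter/material.dart';

Future<void> main() async {
  // Plugins need the binding to exist before runApp() is called.
  WidgetsFlutterBinding.ensureInitialized();
  await Firebase.initializeApp();
  runApp(MyApp());
}
```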
Email & Password Authentication
Sign Up with Email
```dart
import 'package:firebase_auth/firebase_auth.dart';

Future<UserCredential> signUpWithEmail(String email, String password) async {
  try {
    final userCredential = await FirebaseAuth.instance.createUserWithEmailAndPassword(
      email: email,
      password: password,
    );
    return userCredential;
  } on FirebaseAuthException catch (e) {
    // e.message can be null, so fall back to the error code.
    throw Exception(e.message ?? e.code);
  }
}
```
Sign In with Email
```dart
import 'package:firebase_auth/firebase_auth.dart';

Future<UserCredential> signInWithEmail(String email, String password) async {
  try {
    final userCredential = await FirebaseAuth.instance.signInWithEmailAndPassword(
      email: email,
      password: password,
    );
    return userCredential;
  } on FirebaseAuthException catch (e) {
    // e.message can be null, so fall back to the error code.
    throw Exception(e.message ?? e.code);
  }
}
```
Google Sign-In
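```dart
import 'package:firebase_auth/firebase_auth.dart';
import 'package:google_sign_in/google_sign_in.dart';

// Returns null when the user closes the Google account picker.
Future<UserCredential?> signInWithGoogle() async {
  final GoogleSignInAccount? googleUser = await GoogleSignIn().signIn();
  if (googleUser == null) return null; // sign-in was cancelled
  final GoogleSignInAuthentication googleAuth = await googleUser.authentication;
  final credential = GoogleAuthProvider.credential(
    accessToken: googleAuth.accessToken,
    idToken: googleAuth.idToken,
  );
  return await FirebaseAuth.instance.signInWithCredential(credential);
}
```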
Phone Number Authentication
```dart
Future<void> verifyPhoneNumber(String phoneNumber) async {
  await FirebaseAuth.instance.verifyPhoneNumber(
    phoneNumber: phoneNumber,
    verificationCompleted: (PhoneAuthCredential credential) async {
      await FirebaseAuth.instance.signInWithCredential(credential);
    },
    verificationFailed: (FirebaseAuthException e) {
      print(e.message);
    },
    codeSent: (String verificationId, int? resendToken) {
      // Save verificationId to use later for OTP verification
    },
    codeAutoRetrievalTimeout: (String verificationId) {},
  );
}
```
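The codeSent callback above only notes that verificationId must be saved. The following added example (not part of the original guide) shows one way to keep it and redeem the SMS code the user types in. The class name PhoneSignIn, its methods, and the 6-digit format check are assumptions made for illustration.

```dart
import 'package:firebase_auth/firebase_auth.dart';

/// Hypothetical helper: keeps the values from codeSent for later use.
class PhoneSignIn {
  final FirebaseAuth _auth = FirebaseAuth.instance;
  String? _verificationId;
  int? _resendToken;

  /// Starts verification; pass resend: true to reuse the resend token.
  Future<void> start(String phoneNumber, {bool resend = false}) {
    return _auth.verifyPhoneNumber(
      phoneNumber: phoneNumber,
      forceResendingToken: resend ? _resendToken : null,
      verificationCompleted: (PhoneAuthCredential credential) async {
        // Android only: the code was read automatically from the SMS.
        await _auth.signInWithCredential(credential);
      },
      verificationFailed: (FirebaseAuthException e) {
        // Log the stable error code rather than the phone number.
        print('Phone verification failed: ${e.code}');
      },
      codeSent: (String verificationId, int? resendToken) {
        _verificationId = verificationId;
        _resendToken = resendToken;
      },
      codeAutoRetrievalTimeout: (String verificationId) {
        _verificationId = verificationId;
      },
    );
  }

  /// Exchanges the code typed by the user for a signed-in session.
  Future<UserCredential> confirm(String smsCode) async {
    final verificationId = _verificationId;
    if (verificationId == null) {
      throw StateError('No SMS code has been sent yet.');
    }
    final code = smsCode.trim();
    if (!RegExp(r'^\d{6}$').hasMatch(code)) { // assumed 6-digit code format
      throw const FormatException('The code must be 6 digits.');
    }
    final credential = PhoneAuthProvider.credential(
      verificationId: verificationId,
      smsCode: code,
    );
    return _auth.signInWithCredential(credential);
  }
}
```

A wrong or expired code surfaces from confirm() as a FirebaseAuthException, so call it inside try/catch like the email methods.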
Best Practices
- Always use try/catch to gracefully handle authentication errors.
- Validate user inputs (like email and password) before calling Firebase methods.
- Never log or store authentication tokens in plaintext.
- Use a StreamBuilder to listen for changes in the authentication state and update the UI accordingly.
- Allow users to log out using FirebaseAuth.instance.signOut().
- For iOS, add the Reversed Client ID to Info.plist so Google Sign-In works correctly.
- Use Firebase test phone numbers when testing to avoid unnecessary SMS charges.
- Manage authentication state globally using Provider or Riverpod.
- You can link multiple authentication methods for one user with linkWithCredential().
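The first two practices, combined in an added example that is not part of the original guide: inputs are checked before Firebase is called, and FirebaseAuthException codes are mapped to display text so that unknown-account and wrong-password failures look the same to the user. The function names validateCredentials, messageForAuthError and trySignIn are hypothetical.

```dart
import 'package:firebase_auth/firebase_auth.dart';

/// Returns a message for invalid input, or null when Firebase can be called.
String? validateCredentials(String email, String password) {
  // Deliberately loose shape check: one "@", no spaces, a dot in the domain.
  if (!RegExp(r'^[^@\s]+@[^@\s]+\.[^@\s]+$').hasMatch(email.trim())) {
    return 'Enter a valid email address.';
  }
  if (password.isEmpty) return 'Enter your password.';
  return null;
}

/// Maps FirebaseAuthException codes to text that is safe to show on screen.
String messageForAuthError(FirebaseAuthException e) {
  switch (e.code) {
    // One shared message, so the UI does not reveal which emails exist.
    case 'user-not-found':
    case 'wrong-password':
    case 'invalid-credential':
      return 'Incorrect email or password.';
    case 'user-disabled':
      return 'This account has been disabled.';
    case 'too-many-requests':
      return 'Too many attempts. Try again later.';
    case 'network-request-failed':
      return 'Network error. Check your connection.';
    default:
      return 'Sign-in failed. Please try again.';
  }
}

/// Hypothetical wrapper: returns null on success, otherwise a display message.
Future<String?> trySignIn(String email, String password) async {
  final invalid = validateCredentials(email, password);
  if (invalid != null) return invalid;
  try {
    await FirebaseAuth.instance.signInWithEmailAndPassword(
      email: email.trim(),
      password: password,
    );
    return null;
  } on FirebaseAuthException catch (e) {
    return messageForAuthError(e);
  }
}
```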
Conclusion
Adding Firebase Authentication to your Flutter app is one of the easiest ways to implement secure, production-grade login systems. Whether you’re using Email/Password, Google Sign-In, or Phone Verification, Firebase handles the hard parts — letting you focus on your app’s user experience.
Start using Firebase Auth today and make your Flutter app secure and user-friendly!
FAQ
1. Can users sign in using multiple methods?
Yes! You can link different login methods (like Google and Email) to the same account using linkWithCredential().
2. How can I detect if a user is logged in?
Use FirebaseAuth.instance.authStateChanges() inside a StreamBuilder to track login and logout states.
3. Is Firebase Authentication free?
Yes, it’s free for Email and Google sign-ins. Phone authentication includes a limited number of free SMS verifications per month.
4. Does Firebase Authentication work on Flutter Web?
Definitely! Firebase Auth supports Web, although some providers like Google Sign-In require additional configuration steps.
5. How can I log a user out?
Call await FirebaseAuth.instance.signOut() to log out the user from all sessions.
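The answers to questions 2 and 5, put together as an added example that is not part of the original guide: a root widget driven by authStateChanges() and a sign-out helper that also clears the cached Google account. AuthGate, HomePage, SignInPage and signOutOnThisDevice are hypothetical names, and SignInPage stands in for the app's own login screen.

```dart
import 'package:firebase_auth/firebase_auth.dart';
import 'package:flutter/material.dart';
import 'package:google_sign_in/google_sign_in.dart';

/// Root widget: rebuilds whenever the user signs in or out.
class AuthGate extends StatelessWidget {
  const AuthGate({super.key});
  @override
  Widget build(BuildContext context) {
    return StreamBuilder<User?>(
      stream: FirebaseAuth.instance.authStateChanges(),
      builder: (context, snapshot) {
        if (snapshot.connectionState == ConnectionState.waiting) {
          return const Center(child: CircularProgressIndicator());
        }
        final user = snapshot.data;
        return user == null ? const SignInPage() : HomePage(user: user);
      },
    );
  }
}

/// Clears the cached Google account (if any), then the Firebase session.
Future<void> signOutOnThisDevice() async {
  await GoogleSignIn().signOut();
  await FirebaseAuth.instance.signOut();
}

class HomePage extends StatelessWidget {
  const HomePage({super.key, required this.user});
  final User user;
  @override
  Widget build(BuildContext context) {
    return Scaffold(
      appBar: AppBar(title: Text(user.email ?? user.phoneNumber ?? 'Signed in')),
      // No navigation needed: the stream emits null and AuthGate rebuilds.
      floatingActionButton: FloatingActionButton(
        onPressed: signOutOnThisDevice,
        child: const Icon(Icons.logout),
      ),
    );
  }
}

/// Placeholder for the app's own sign-in screen.
class SignInPage extends StatelessWidget {
  const SignInPage({super.key});
  @override
  Widget build(BuildContext context) =>
      const Scaffold(body: Center(child: Text('Sign-in form goes here')));
}
```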