Get Started with Firebase Authentication on Flutter

Connect your app to Firebase

Install and initialize the Firebase SDKs for Flutter if you haven't already doneso.

Add Firebase Authentication to your app

  1. From the root of your Flutter project, run the following command to installthe plugin:

    flutterpubaddfirebase_auth

  2. Once complete, rebuild your Flutter application:

    flutterrun

  3. Import the plugin in your Dart code:

    import'package:firebase_auth/firebase_auth.dart';

To use an authentication provider, you need to enable it in theFirebase console.Go to the Sign-in Method page in the Firebase Authentication section to enableEmail/Password sign-in and any other identity providers you want for your app.

(Optional) Prototype and test with Firebase Local Emulator Suite

Before talking about how your app authenticates users, let's introduce a set oftools you can use to prototype and test Authentication functionality:Firebase Local Emulator Suite. If you're deciding among authentication techniquesand providers, trying out different data models with public and private datausing Authentication and Firebase Security Rules, or prototyping sign-in UI designs, being able towork locally without deploying live services can be a great idea.

An Authentication emulator is part of the Local Emulator Suite, whichenables your app to interact with emulated database content and config, aswell as optionally your emulated project resources (functions, other databases,and security rules).

Using the Authentication emulator involves just a few steps:

  1. Adding a line of code to your app's test config to connect to the emulator.

  2. From the root of your local project directory, runningfirebase emulators:start.

  3. Using the Local Emulator Suite UI for interactive prototyping, or theAuthentication emulator REST API for non-interactive testing.

  4. CalluseAuthEmulator() to specify the emulator address and port:

    Future<void>main()async{WidgetsFlutterBinding.ensureInitialized();awaitFirebase.initializeApp();// Ideal time to initializeawaitFirebaseAuth.instance.useAuthEmulator('localhost',9099);//...}

A detailed guide is available atConnect your app to the Authentication emulator.For more information, see theLocal Emulator Suite introduction.

Now let's continue with how to authenticate users.

Check current auth state

Firebase Auth provides many methods and utilities for enabling you to integratesecure authentication into your new or existing Flutter application. In manycases, you will need to know about the authenticationstate of your user,such as whether they're logged in or logged out.

Firebase Auth enables you to subscribe in realtime to this state via aStream.Once called, the stream provides an immediate event of the user's currentauthentication state, and then provides subsequent events wheneverthe authentication state changes.

There are three methods for listening to authentication state changes:

authStateChanges()

To subscribe to these changes, call theauthStateChanges() method on yourFirebaseAuth instance:

FirebaseAuth.instance.authStateChanges().listen((User?user){if(user==null){print('User is currently signed out!');}else{print('User is signed in!');}});

Events are fired when the following occurs:

  • Right after the listener has been registered.
  • When a user is signed in.
  • When the current user is signed out.

idTokenChanges()

To subscribe to these changes, call theidTokenChanges() method on yourFirebaseAuth instance:

FirebaseAuth.instance.idTokenChanges().listen((User?user){if(user==null){print('User is currently signed out!');}else{print('User is signed in!');}});

Events are fired when the following occurs:

  • Right after the listener has been registered.
  • When a user is signed in.
  • When the current user is signed out.
  • When there is a change in the current user's token.

If you set custom claims using the Firebase Admin SDK,you will only see this event fire when the following occurs:

For further details, seePropagating custom claims to the client

userChanges()

To subscribe to these changes, call theuserChanges() method on yourFirebaseAuth instance:

FirebaseAuth.instance.userChanges().listen((User?user){if(user==null){print('User is currently signed out!');}else{print('User is signed in!');}});

Events are fired when the following occurs:

  • Right after the listener has been registered.
  • When a user is signed in.
  • When the current user is signed out.
  • When there is a change in the current user's token.
  • When the following methods provided byFirebaseAuth.instance.currentUser are called:
    • reload()
    • unlink()
    • updateEmail()
    • updatePassword()
    • updatePhoneNumber()
    • updateProfile()

idTokenChanges(),userChanges() &authStateChanges() will not fire if youupdate theUser profile with the Firebase Admin SDK. You will have to force areload usingFirebaseAuth.instance.currentUser.reload() to retrieve the latestUser profile.

idTokenChanges(),userChanges() &authStateChanges() will also not fireif you disable or delete theUser with the Firebase Admin SDK or the Firebaseconsole. You will have to force a reload usingFirebaseAuth.instance.currentUser.reload(), which will cause auser-disabledoruser-not-found exception that you can catch and handle in your app code.

Persisting authentication state

The Firebase SDKs for all platforms provide out of the box support for ensuringthat your user's authentication state is persisted across app restarts or pagereloads.

On native platforms such as Android & iOS, this behavior is not configurableand the user's authentication state will be persisted on device between apprestarts. The user can clear the apps cached data using the device settings,which will wipe any existing state being stored.

On web platforms, the user's authentication state is stored inIndexedDB.You can change the persistence to store data in thelocal storageusingPersistence.LOCAL.If required, you can change this default behavior to only persistauthentication state for the current session, or not at all. To configure thesesettings, call the following methodFirebaseAuth.instanceFor(app: Firebase.app(), persistence: Persistence.LOCAL);.You can still update the persistence for each Auth instance usingsetPersistence(Persistence.NONE).

// Disable persistence on web platforms. Must be called on initialization:finalauth=FirebaseAuth.instanceFor(app:Firebase.app(),persistence:Persistence.NONE);// To change it after initialization, use `setPersistence()`:awaitauth.setPersistence(Persistence.LOCAL);

Next Steps

Explore the guides on signing in and signing up users with the supportedidentity and authentication services.

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-10-29 UTC.