Authenticate with Firebase using a Phone Number with Unity

You can useFirebase Authentication to sign in a user by sending an SMS messageto the user's phone. The user signs in using a one-time code contained in theSMS message.

This document describes how to implement a phone number sign-in flow usingthe Firebase SDK.

Phone numbers that end users provide for authentication will be sent and storedby Google to improve our spam and abuse prevention across Google services,including but not limited to Firebase. Developers should ensure they haveappropriate end-user consent prior to using theFirebase Authentication phone numbersign-in service.

Before you begin

  1. Before you can useFirebase Authentication, you need to add theFirebaseUnity SDK (specifically,FirebaseAuth.unitypackage) to your Unity project.

    Find detailed instructions for these initial setup steps inAdd Firebase to your Unity project.

  2. If you haven't yet connected your app to your Firebase project, do so from theFirebase console.
  3. Understand the platform requirements for Phone Number sign-in:
    • Phone Number sign-in is for mobile platforms only.
    • On iOS, Phone Number sign-in requires a physical device and won't work on a simulator.

Security concerns

Authentication using only a phone number, while convenient, is less securethan the other available methods, because possession of a phone numbercan be easily transferred between users. Also, on devices with multiple userprofiles, any user that can receive SMS messages can sign in to an account usingthe device's phone number.

If you use phone number based sign-in in your app, you should offer italongside more secure sign-in methods, and inform users of the securitytradeoffs of using phone number sign-in.

Enable Phone Number sign-in for your Firebase project

To sign in users by SMS, you must first enable the Phone Number sign-inmethod for your Firebase project:

  1. In theFirebase console, open theAuthentication section.
  2. On theSign-in Method page, enable thePhone Number sign-in method.
  3. Optional: On theSettings page, set a policy on the regions to which you want to allow or deny SMS messages to be sent. Setting an SMS region policy can help protect your apps from SMS abuse.

Start receiving APNs notifications (iOS only)

To use phone number authentication on iOS, your app must be able to receiveAPNs notifications from Firebase. When you sign in a user with their phonenumber for the first time on a device,Firebase Authentication sends a silent pushnotification to the device to verify that the phone number sign-in request comesfrom your app. (For this reason, phone number sign-in cannot be used on asimulator.)

To enable APNs notifications for use withFirebase Authentication:

  1. In Xcode, enable push notifications for your project.

  2. Upload your APNs certificate to Firebase. If you don't already have an APNs certificate, make sure to create one in theApple Developer Member Center.

    1. Inside your project in theFirebase console, select the gear icon, selectProject Settings, and then select theCloud Messaging tab.

    2. Select theUpload Certificate button for your development certificate, your production certificate, or both. At least one is required.

    3. For each certificate, select the .p12 file, and provide the password, if any. Make sure the bundle ID for this certificate matches the bundle ID of your app. SelectSave.

Send a verification code to the user's phone

To initiate phone number sign-in, present the user an interface that prompts them to provide their phone number, and then callPhoneAuthProvider.VerifyPhoneNumber to request that Firebase send an authentication code to the user's phone by SMS:

  1. Get the user's phone number.

    Legal requirements vary, but as a best practiceand to set expectations for your users, you should inform them that if they usephone sign-in, they might receive an SMS message for verification and standardrates apply.

  2. CallPhoneAuthProvider.VerifyPhoneNumber, passing to it a PhoneAuthOptions containing the user's phone number.
    PhoneAuthProviderprovider=PhoneAuthProvider.GetInstance(firebaseAuth);provider.VerifyPhoneNumber(newFirebase.Auth.PhoneAuthOptions{PhoneNumber=phoneNumber,TimeoutInMilliseconds=phoneAuthTimeoutMs,ForceResendingToken=null},verificationCompleted:(credential)=&gt{// Auto-sms-retrieval or instant validation has succeeded (Android only).// There is no need to input the verification code.// `credential` can be used instead of calling GetCredential().},verificationFailed:(error)=&gt{// The verification code was not sent.// `error` contains a human readable explanation of the problem.},codeSent:(id,token)=&gt{// Verification code was successfully sent via SMS.// `id` contains the verification id that will need to passed in with// the code from the user when calling GetCredential().// `token` can be used if the user requests the code be sent again, to// tie the two requests together.},codeAutoRetrievalTimeout:(id)=&gt{// Called when the auto-sms-retrieval has timed out, based on the given// timeout parameter.// `id` contains the verification id of the request that timed out.});
    Note: SeeFirebase Authentication Limits for applicable usage limits and quotas. When you callPhoneAuthProvider.VerifyPhoneNumber, Firebase,
    • (on iOS), sends a silent push notification to your app.
    • Firebase sends an SMS message containing an authentication code to the specified phone number and passes a verification ID to your completion function. You will need both the verification code and the verification ID to sign in the user.

  3. Save the verification ID and restore it when your app loads. By doing so, you can ensure that you still have a valid verification ID if your app is terminated before the user completes the sign-in flow (for example, while switching to the SMS app).

    You can persist the verification ID any way you want. A simple way is to save the verification ID withUnityEngine.PlayerPrefs.

If the callback passed in tocodeSent is called, you canprompt the user to type the verification code when they receive it in the SMSmessage.

On the other hand, if the callback forverificationCompleted iscalled, then automatic verification has succeeded and you will now have aPhoneAuthCredential with which you can use as described below.To prevent abuse, Firebase enforces a limit on the number ofSMS messages that can be sent to a single phone number within a period of time.If you exceed this limit, phone number verification requests might be throttled.If you encounter this issue during development, use a different phone number fortesting, or try the request again later.

Sign in the user with the verification code

After the user provides your app with the verification code from the SMS message, sign the user in by creating aPhoneAuthCredential object from the verification code and verification ID and passing that object toFirebaseAuth.SignInAndRetrieveDataWithCredentialAsync.

  1. Get the verification code from the user.
  2. Create aCredential object from the verification code and verification ID.
    PhoneAuthCredentialcredential=phoneAuthProvider.GetCredential(verificationId,verificationCode);
  3. Sign in the user with thePhoneAuthCredential object:
    auth.SignInAndRetrieveDataWithCredentialAsync(credential).ContinueWith(task=&gt{if(task.IsFaulted){Debug.LogError("SignInAndRetrieveDataWithCredentialAsync encountered an error: "+task.Exception);return;}FirebaseUsernewUser=task.Result.User;Debug.Log("User signed in successfully");// This should display the phone number.Debug.Log("Phone number: "+newUser.PhoneNumber);// The phone number providerID is 'phone'.Debug.Log("Phone provider ID: "+newUser.ProviderId);});

Next steps

After a user signs in for the first time, a new user account is created andlinked to the credentials—that is, the user name and password, phonenumber, or auth provider information—the user signed in with. This newaccount is stored as part of your Firebase project, and can be used to identifya user across every app in your project, regardless of how the user signs in.

  • In your apps, you can get the user's basic profile information from theFirebase.Auth.FirebaseUser object:

    Firebase.Auth.FirebaseUseruser=auth.CurrentUser;if(user!=null){stringname=user.DisplayName;stringemail=user.Email;System.Uriphoto_url=user.PhotoUrl;// The user's Id, unique to the Firebase project.// Do NOT use this value to authenticate with your backend server, if you// have one; use User.TokenAsync() instead.stringuid=user.UserId;}

  • In yourFirebase Realtime Database andCloud StorageSecurity Rules, you can get the signed-in user's unique user ID from theauth variable, and use it to control what data a user can access.

You can allow users to sign in to your app using multiple authenticationproviders bylinking auth provider credentials to anexisting user account.

To sign out a user, callSignOut():

auth.SignOut();

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-02-18 UTC.