Manage Users in Firebase Stay organized with collections Save and categorize content based on your preferences.
Create a user
You create a new user in your Firebase project by calling thecreateUserWithEmailAndPasswordmethod or by signing in a user for the first time using a federated identityprovider, such asGoogle Sign-In orFacebook Login.
You can also create new password-authenticated users from the Authenticationsection of theFirebase console, on the Users page, or by using theAdmin SDK.
Get the currently signed-in user
The recommended way to get the current user is by setting an observer on theAuth object:
Web
import{getAuth,onAuthStateChanged}from"firebase/auth";constauth=getAuth();onAuthStateChanged(auth,(user)=>{if(user){// User is signed in, see docs for a list of available properties// https://firebase.google.com/docs/reference/js/auth.userconstuid=user.uid;// ...}else{// User is signed out// ...}});
Web
firebase.auth().onAuthStateChanged((user)=>{if(user){// User is signed in, see docs for a list of available properties// https://firebase.google.com/docs/reference/js/v8/firebase.Uservaruid=user.uid;// ...}else{// User is signed out// ...}});
By using an observer, you ensure that the Auth object isn't in an intermediatestate—such as initialization—when you get the current user. When youusesignInWithRedirect, theonAuthStateChanged observer waits untilgetRedirectResult resolves before triggering.
You can also get the currently signed-in user by using thecurrentUserproperty. If a user isn't signed in,currentUser is null:
Web
import{getAuth}from"firebase/auth";constauth=getAuth();constuser=auth.currentUser;if(user){// User is signed in, see docs for a list of available properties// https://firebase.google.com/docs/reference/js/auth.user// ...}else{// No user is signed in.}
Web
constuser=firebase.auth().currentUser;if(user){// User is signed in, see docs for a list of available properties// https://firebase.google.com/docs/reference/js/v8/firebase.User// ...}else{// No user is signed in.}
currentUser might also be null because the auth object has not finishedinitializing. If you use an observer to keep track of the user's sign-in status,you don't need to handle this case.Get a user's profile
To get a user's profile information, use the properties of an instance ofUser. For example:
Web
import{getAuth}from"firebase/auth";constauth=getAuth();constuser=auth.currentUser;if(user!==null){// The user object has basic properties such as display name, email, etc.constdisplayName=user.displayName;constemail=user.email;constphotoURL=user.photoURL;constemailVerified=user.emailVerified;// The user's ID, unique to the Firebase project. Do NOT use// this value to authenticate with your backend server, if// you have one. Use User.getToken() instead.constuid=user.uid;}
Web
constuser=firebase.auth().currentUser;if(user!==null){// The user object has basic properties such as display name, email, etc.constdisplayName=user.displayName;constemail=user.email;constphotoURL=user.photoURL;constemailVerified=user.emailVerified;// The user's ID, unique to the Firebase project. Do NOT use// this value to authenticate with your backend server, if// you have one. Use User.getIdToken() instead.constuid=user.uid;}
displayName andphotoURL. The API does not filterthe values to prevent potential XSS-type attacks.Get a user's provider-specific profile information
To get the profile information retrieved from the sign-in providers linked to auser, use theproviderData property. For example:
Web
import{getAuth}from"firebase/auth";constauth=getAuth();constuser=auth.currentUser;if(user!==null){user.providerData.forEach((profile)=>{console.log("Sign-in provider: "+profile.providerId);console.log(" Provider-specific UID: "+profile.uid);console.log(" Name: "+profile.displayName);console.log(" Email: "+profile.email);console.log(" Photo URL: "+profile.photoURL);});}
Web
constuser=firebase.auth().currentUser;if(user!==null){user.providerData.forEach((profile)=>{console.log("Sign-in provider: "+profile.providerId);console.log(" Provider-specific UID: "+profile.uid);console.log(" Name: "+profile.displayName);console.log(" Email: "+profile.email);console.log(" Photo URL: "+profile.photoURL);});}
Update a user's profile
You can update a user's basic profile information—the user's display nameand profile photo URL—with theupdateProfile method. For example:
Web
import{getAuth,updateProfile}from"firebase/auth";constauth=getAuth();updateProfile(auth.currentUser,{displayName:"Jane Q. User",photoURL:"https://example.com/jane-q-user/profile.jpg"}).then(()=>{// Profile updated!// ...}).catch((error)=>{// An error occurred// ...});
Web
constuser=firebase.auth().currentUser;user.updateProfile({displayName:"Jane Q. User",photoURL:"https://example.com/jane-q-user/profile.jpg"}).then(()=>{// Update successful// ...}).catch((error)=>{// An error occurred// ...});
Set a user's email address
You can set a user's email address with theupdateEmail method. For example:
Web
import{getAuth,updateEmail}from"firebase/auth";constauth=getAuth();updateEmail(auth.currentUser,"user@example.com").then(()=>{// Email updated!// ...}).catch((error)=>{// An error occurred// ...});
Web
constuser=firebase.auth().currentUser;user.updateEmail("user@example.com").then(()=>{// Update successful// ...}).catch((error)=>{// An error occurred// ...});
Send a user a verification email
You can send an address verification email to a user with thesendEmailVerification method. For example:
Web
import{getAuth,sendEmailVerification}from"firebase/auth";constauth=getAuth();sendEmailVerification(auth.currentUser).then(()=>{// Email verification sent!// ...});
Web
firebase.auth().currentUser.sendEmailVerification().then(()=>{// Email verification sent!// ...});
You can customize the email template that is used in Authentication section oftheFirebase console, on the Email Templates page.SeeEmail Templates inFirebase Help Center.
It is also possible to pass state via acontinue URL to redirect backto the app when sending a verification email.
Additionally you can localize the verification email by updating the languagecode on the Auth instance before sending the email. For example:
Web
import{getAuth}from"firebase/auth";constauth=getAuth();auth.languageCode='it';// To apply the default browser preference instead of explicitly setting it.// auth.useDeviceLanguage();
Web
firebase.auth().languageCode='it';// To apply the default browser preference instead of explicitly setting it.// firebase.auth().useDeviceLanguage();
Set a user's password
You can set a user's password with theupdatePassword method. For example:
Web
import{getAuth,updatePassword}from"firebase/auth";constauth=getAuth();constuser=auth.currentUser;constnewPassword=getASecureRandomPassword();updatePassword(user,newPassword).then(()=>{// Update successful.}).catch((error)=>{// An error ocurred// ...});
Web
constuser=firebase.auth().currentUser;constnewPassword=getASecureRandomPassword();user.updatePassword(newPassword).then(()=>{// Update successful.}).catch((error)=>{// An error ocurred// ...});
Send a password reset email
You can send a password reset email to a user with thesendPasswordResetEmailmethod. For example:
Web
import{getAuth,sendPasswordResetEmail}from"firebase/auth";constauth=getAuth();sendPasswordResetEmail(auth,email).then(()=>{// Password reset email sent!// ..}).catch((error)=>{consterrorCode=error.code;consterrorMessage=error.message;// ..});
Web
firebase.auth().sendPasswordResetEmail(email).then(()=>{// Password reset email sent!// ..}).catch((error)=>{varerrorCode=error.code;varerrorMessage=error.message;// ..});
You can customize the email template that is used in Authentication section oftheFirebase console, on the Email Templates page.SeeEmail Templates inFirebase Help Center.
It is also possible to pass state via acontinue URL to redirect backto the app when sending a password reset email.
Additionally you can localize the password reset email by updating the languagecode on the Auth instance before sending the email. For example:
Web
import{getAuth}from"firebase/auth";constauth=getAuth();auth.languageCode='it';// To apply the default browser preference instead of explicitly setting it.// auth.useDeviceLanguage();
Web
firebase.auth().languageCode='it';// To apply the default browser preference instead of explicitly setting it.// firebase.auth().useDeviceLanguage();
You can also send password reset emails from theFirebase console.
Delete a user
You can delete a user account with thedelete method. For example:
Web
import{getAuth,deleteUser}from"firebase/auth";constauth=getAuth();constuser=auth.currentUser;deleteUser(user).then(()=>{// User deleted.}).catch((error)=>{// An error ocurred// ...});
Web
constuser=firebase.auth().currentUser;user.delete().then(()=>{// User deleted.}).catch((error)=>{// An error ocurred// ...});
You can also delete users from the Authentication section of theFirebase console, on the Users page.
Re-authenticate a user
Some security-sensitive actions—such asdeleting an account,setting a primary email address, andchanging a password—require that the user hasrecently signed in. If you perform one of these actions, and the user signed intoo long ago, the action fails with an error.When this happens, re-authenticate the user by getting new sign-in credentialsfrom the user and passing the credentials toreauthenticateWithCredential.For example:
Web
import{getAuth,reauthenticateWithCredential}from"firebase/auth";constauth=getAuth();constuser=auth.currentUser;// TODO(you): prompt the user to re-provide their sign-in credentialsconstcredential=promptForCredentials();reauthenticateWithCredential(user,credential).then(()=>{// User re-authenticated.}).catch((error)=>{// An error ocurred// ...});
Web
constuser=firebase.auth().currentUser;// TODO(you): prompt the user to re-provide their sign-in credentialsconstcredential=promptForCredentials();user.reauthenticateWithCredential(credential).then(()=>{// User re-authenticated.}).catch((error)=>{// An error occurred// ...});
Import user accounts
You can import user accounts from a file into your Firebase project by using theFirebase CLI'sauth:import command. For example:
firebaseauth:importusers.json--hash-algo=scrypt--rounds=8--mem-cost=14Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-02-05 UTC.