FirebaseAuth Framework Reference

FIRUser

Represents a user. Firebase Auth does not attempt to validate users when loading them from the keychain. Invalidated users (such as those whose passwords have been changed on another client) are automatically logged out when an auth-dependent operation is attempted or when the ID token is automatically refreshed.This class is thread-safe.

  • Indicates the user represents an anonymous user.

    Declaration

    Objective-C

    @property(nonatomic,readonly,getter=isAnonymous)BOOLanonymous;

  • Indicates the email address associated with this user has been verified.

    Declaration

    Objective-C

    @property(nonatomic,readonly,getter=isEmailVerified)BOOLemailVerified;

  • A refresh token; useful for obtaining new access tokens independently.This property should only be used for advanced scenarios, and is not typically needed.

    Declaration

    Objective-C

    @property(nonatomic,readonly,nullable)NSString*refreshToken;

  • Profile data for each identity provider, if any.This data is cached on sign-in and updated when linking or unlinking.

    Declaration

    Objective-C

    @property(nonatomic,readonly,nonnull)NSArray<id<FIRUserInfo>>*providerData;

  • Metadata associated with the Firebase user in question.

    Declaration

    Objective-C

    @property(nonatomic,readonly,nonnull)FIRUserMetadata*metadata;

  • The tenant ID of the current user. nil if none is available.

    Declaration

    Objective-C

    @property(nonatomic,readonly,nullable)NSString*tenantID;

  • Multi factor object associated with the user. This property is available on iOS only.

    Declaration

    Objective-C

    @property(nonatomic,readonly,nonnull)FIRMultiFactor*multiFactor;

  • This class should not be instantiated.To retrieve the current user, useAuth.currentUser. To sign a user in or out, use the methods onAuth.

    Declaration

    Objective-C

    -(nonnullinstancetype)init;

  • [Deprecated] Updates the email address for the user. On success, the cached user profiledata is updated. Throws FIRAuthErrorCodeInvalidCredentials error whenEmail EnumerationProtectionis enabled. May fail if there is already an account with this email address that was created using email and password authentication.

    Possible error codes:

    +`AuthErrorCodeInvalidRecipientEmail`-Indicatesaninvalidrecipientemailwassentintherequest.+`AuthErrorCodeInvalidSender`-Indicatesaninvalidsenderemailissetintheconsoleforthisaction.+`AuthErrorCodeInvalidMessagePayload`-Indicatesaninvalidemailtemplateforsendingupdateemail.+`AuthErrorCodeEmailAlreadyInUse`-Indicatestheemailisalreadyinusebyanotheraccount.+`AuthErrorCodeInvalidEmail`-Indicatestheemailaddressismalformed.+`AuthErrorCodeRequiresRecentLogin`-Updatingausersemailisasecuritysensitiveoperationthatrequiresarecentloginfromtheuser.Thiserrorindicatestheuserhasnotsignedinrecentlyenough.Toresolve,reauthenticatetheuserbycalling`reauthenticate(with:)`.

    SeeAuthErrors for a list of error codes that are common to allUser methods.

    Declaration

    Objective-C

    -(void)updateEmail:(nonnullNSString*)emailcompletion:(nullablevoid(^)(NSError*_Nullable))completion;

    Parameters

    email

    The email address for the user.

    completion

    Optionally; the block invoked when the user profile change has finished. Invoked asynchronously on the main thread in the future.

  • Updates the password for the user. On success, the cached user profile data is updated.

    Possible error codes:

    +`AuthErrorCodeOperationNotAllowed`-Indicatestheadministratordisabledsigninwiththespecifiedidentityprovider.+`AuthErrorCodeRequiresRecentLogin`-Updatingauserspasswordisasecuritysensitiveoperationthatrequiresarecentloginfromtheuser.Thiserrorindicatestheuserhasnotsignedinrecentlyenough.Toresolve,reauthenticatetheuserbycalling`reauthenticate(with:)`.+`AuthErrorCodeWeakPassword`-Indicatesanattempttosetapasswordthatisconsideredtooweak.The`NSLocalizedFailureReasonErrorKey`fieldinthe`userInfo`dictionaryobjectwillcontainmoredetailedexplanationthatcanbeshowntotheuser.

    SeeAuthErrors for a list of error codes that are common to allUser methods.

    Declaration

    Objective-C

    -(void)updatePassword:(nonnullNSString*)passwordcompletion:(nullablevoid(^)(NSError*_Nullable))completion;

    Parameters

    password

    The new password for the user.

    completion

    Optionally; the block invoked when the user profile change has finished.Invoked asynchronously on the main thread in the future.

  • Updates the phone number for the user. On success, the cached user profile data is updated. This method is available on iOS only.

    Possible error codes:

    +`AuthErrorCodeRequiresRecentLogin`-Updatingausersphonenumberisasecuritysensitiveoperationthatrequiresarecentloginfromtheuser.Thiserrorindicatestheuserhasnotsignedinrecentlyenough.Toresolve,reauthenticatetheuserbycalling`reauthenticate(with:)`.

    SeeAuthErrors for a list of error codes that are common to allUser methods.

    Declaration

    Objective-C

    -(void)updatePhoneNumberCredential:(nonnullFIRPhoneAuthCredential*)phoneNumberCredentialcompletion:(nullablevoid(^)(NSError*_Nullable))completion;

    Parameters

    phoneNumberCredential

    The new phone number credential corresponding to the phone numberto be added to the Firebase account, if a phone number is already linked to the account thisnew phone number will replace it.

    completion

    Optionally; the block invoked when the user profile change has finished.Invoked asynchronously on the main thread in the future.

  • Creates an object which may be used to change the user’s profile data.

    Set the properties of the returned object, then callUserProfileChangeRequest.commitChanges() to perform the updates atomically.

    Declaration

    Objective-C

    -(nonnullFIRUserProfileChangeRequest*)profileChangeRequest;

    Return Value

    An object which may be used to change the user’s profile data atomically.

  • Reloads the user’s profile data from the server.

    May fail with aAuthErrorCodeRequiresRecentLogin error code. In this case you should callreauthenticate(with:) before re-invokingupdateEmail(to:).

    SeeAuthErrors for a list of error codes that are common to all API methods.

    Declaration

    Objective-C

    -(void)reloadWithCompletion:(nullablevoid(^)(NSError*_Nullable))completion;

    Parameters

    completion

    Optionally; the block invoked when the reload has finished. Invokedasynchronously on the main thread in the future.

  • Renews the user’s authentication tokens by validating a fresh set of credentials supplied by the user and returns additional identity provider data.

    If the user associated with the supplied credential is different from the current user, or if the validation of the supplied credentials fails; an error is returned and the current user remains signed in.

    Possible error codes:

    +`AuthErrorCodeInvalidCredential`-Indicatesthesuppliedcredentialisinvalid.Thiscouldhappenifithasexpiredoritismalformed.+`AuthErrorCodeOperationNotAllowed`-Indicatesthataccountswiththeidentityproviderrepresentedbythecredentialarenotenabled.EnablethemintheAuthsectionoftheFirebaseconsole.+`AuthErrorCodeEmailAlreadyInUse`-Indicatestheemailassertedbythecredential(e.g.theemailinaFacebookaccesstoken)isalreadyinusebyanexistingaccount,thatcannotbeauthenticatedwiththismethod.Thiserrorwillonlybethrownifthe"One account per email address"settingisenabledintheFirebaseconsole,underAuthsettings.PleasenotethattheerrorcoderaisedinthisspecificsituationmaynotbethesameonWebandAndroid.+`AuthErrorCodeUserDisabled`-Indicatestheuser'saccountisdisabled.+`AuthErrorCodeWrongPassword`-Indicatestheuserattemptedreauthenticationwithanincorrectpassword,ifcredentialisofthetype`EmailPasswordAuthCredential`.+`AuthErrorCodeUserMismatch`-Indicatesthatanattemptwasmadetoreauthenticatewithauserwhichisnotthecurrentuser.+`AuthErrorCodeInvalidEmail`-Indicatestheemailaddressismalformed.

    SeeFIRAuthErrors for a list of error codes that are common to all API methods.

    Declaration

    Objective-C

    -(void)reauthenticateWithCredential:(nonnullFIRAuthCredential*)credentialcompletion:(nullablevoid(^)(FIRAuthDataResult*_Nullable,NSError*_Nullable))completion;

    Parameters

    credential

    A user-supplied credential, which will be validated by the server. This can bea successful third-party identity provider sign-in, or an email address and password.

    completion

    Optionally; the block invoked when the re-authentication operation hasfinished. Invoked asynchronously on the main thread in the future.

  • Renews the user’s authentication using the provided auth provider instance. This method is available on iOS, macOS Catalyst, and tvOS only.

    Declaration

    Objective-C

    -(void)reauthenticateWithProvider:(nonnullid<FIRFederatedAuthProvider>)providerUIDelegate:(nullableid<FIRAuthUIDelegate>)UIDelegatecompletion:(nullablevoid(^)(FIRAuthDataResult*_Nullable,NSError*_Nullable))completion;

    Parameters

    provider

    An instance of an auth provider used to initiate the reauthenticate flow.

    UIDelegate

    Optionally an instance of a class conforming to theAuthUIDelegateprotocol, used for presenting the web context. If nil, a defaultAuthUIDelegatewill be used.

    completion

    Optionally; a block which is invoked when the reauthenticate flow finishes, oris canceled. Invoked asynchronously on the main thread in the future.

  • Retrieves the Firebase authentication token, possibly refreshing it if it has expired.

    SeeAuthErrors for a list of error codes that are common to all API methods.

    Declaration

    Objective-C

    -(void)getIDTokenResultWithCompletion:(nullablevoid(^)(FIRAuthTokenResult*_Nullable,NSError*_Nullable))completion;

    Parameters

    completion

    Optionally; the block invoked when the token is available. Invokedasynchronously on the main thread in the future.

  • Retrieves the Firebase authentication token, possibly refreshing it if it has expired.

    The authentication token will be refreshed (by making a network request) if it has expired, or ifforceRefresh is YES.

    SeeAuthErrors for a list of error codes that are common to all API methods.

    Declaration

    Objective-C

    -(void)getIDTokenResultForcingRefresh:(BOOL)forceRefreshcompletion:(nullablevoid(^)(FIRAuthTokenResult*_Nullable,NSError*_Nullable))completion;

    Parameters

    forceRefresh

    Forces a token refresh. Useful if the token becomes invalid for some reasonother than an expiration.

    completion

    Optionally; the block invoked when the token is available. Invokedasynchronously on the main thread in the future.

  • Retrieves the Firebase authentication token, possibly refreshing it if it has expired.

    SeeAuthErrors for a list of error codes that are common to all API methods.

    Declaration

    Objective-C

    -(void)getIDTokenWithCompletion:(nullablevoid(^)(NSString*_Nullable,NSError*_Nullable))completion;

    Parameters

    completion

    Optionally; the block invoked when the token is available. Invokedasynchronously on the main thread in the future.

  • Retrieves the Firebase authentication token, possibly refreshing it if it has expired.

    The authentication token will be refreshed (by making a network request) if it has expired, or ifforceRefresh is true.

    SeeAuthErrors for a list of error codes that are common to all API methods.

    Declaration

    Objective-C

    -(void)getIDTokenForcingRefresh:(BOOL)forceRefreshcompletion:(nullablevoid(^)(NSString*_Nullable,NSError*_Nullable))completion;

    Parameters

    forceRefresh

    Forces a token refresh. Useful if the token becomes invalid for some reasonother than an expiration.

    completion

    Optionally; the block invoked when the token is available. Invokedasynchronously on the main thread in the future.

  • Associates a user account from a third-party identity provider with this user and returns additional identity provider data.

    Possible error codes:

    +`AuthErrorCodeProviderAlreadyLinked`-Indicatesanattempttolinkaproviderofatypealreadylinkedtothisaccount.+`AuthErrorCodeCredentialAlreadyInUse`-IndicatesanattempttolinkwithacredentialthathasalreadybeenlinkedwithadifferentFirebaseaccount.+`AuthErrorCodeOperationNotAllowed`-Indicatesthataccountswiththeidentityproviderrepresentedbythecredentialarenotenabled.EnablethemintheAuthsectionoftheFirebaseconsole.

    This method may also return error codes associated withupdateEmail(to:) andupdatePassword(to:) onUser.

    SeeAuthErrors for a list of error codes that are common to allUser methods.

    Declaration

    Objective-C

    -(void)linkWithCredential:(nonnullFIRAuthCredential*)credentialcompletion:(nullablevoid(^)(FIRAuthDataResult*_Nullable,NSError*_Nullable))completion;

    Parameters

    credential

    The credential for the identity provider.

    completion

    Optionally; the block invoked when the unlinking is complete, or fails.Invoked asynchronously on the main thread in the future.

  • link the user with the provided auth provider instance. This method is available on iOS, macOS Catalyst, and tvOS only.

    Declaration

    Objective-C

    -(void)linkWithProvider:(nonnullid<FIRFederatedAuthProvider>)providerUIDelegate:(nullableid<FIRAuthUIDelegate>)UIDelegatecompletion:(nullablevoid(^)(FIRAuthDataResult*_Nullable,NSError*_Nullable))completion;

    Parameters

    provider

    An instance of an auth provider used to initiate the link flow.

    UIDelegate

    Optionally an instance of a class conforming to theAuthUIDelegateprotocol used for presenting the web context. If nil, a defaultAuthUIDelegatewill be used.

    completion

    Optionally; a block which is invoked when the link flow finishes, oris canceled. Invoked asynchronously on the main thread in the future.

  • Disassociates a user account from a third-party identity provider with this user.

    Possible error codes:

    +`AuthErrorCodeNoSuchProvider`-Indicatesanattempttounlinkaproviderthatisnotlinkedtotheaccount.+`AuthErrorCodeRequiresRecentLogin`-Updatingemailisasecuritysensitiveoperationthatrequiresarecentloginfromtheuser.Thiserrorindicatestheuserhasnotsignedinrecentlyenough.Toresolve,reauthenticatetheuserbycalling`reauthenticate(with:)`.

    SeeAuthErrors for a list of error codes that are common to allUser methods.

    Declaration

    Objective-C

    -(void)unlinkFromProvider:(nonnullNSString*)providercompletion:(nullablevoid(^)(FIRUser*_Nullable,NSError*_Nullable))completion;

    Parameters

    provider

    The provider ID of the provider to unlink.

    completion

    Optionally; the block invoked when the unlinking is complete, or fails.Invoked asynchronously on the main thread in the future.

  • Initiates email verification for the user.

    Possible error codes:

    +`AuthErrorCodeInvalidRecipientEmail`-Indicatesaninvalidrecipientemailwassentintherequest.+`AuthErrorCodeInvalidSender`-Indicatesaninvalidsenderemailissetintheconsoleforthisaction.+`AuthErrorCodeInvalidMessagePayload`-Indicatesaninvalidemailtemplateforsendingupdateemail.+`AuthErrorCodeUserNotFound`-Indicatestheuseraccountwasnotfound.

    SeeAuthErrors for a list of error codes that are common to allUser methods.

    Declaration

    Objective-C

    -(void)sendEmailVerificationWithCompletion:(nullablevoid(^)(NSError*_Nullable))completion;

    Parameters

    completion

    Optionally; the block invoked when the request to send an email verificationis complete, or fails. Invoked asynchronously on the main thread in the future.

  • Initiates email verification for the user.

    Possible error codes:

    +`AuthErrorCodeInvalidRecipientEmail`-Indicatesaninvalidrecipientemailwassentintherequest.+`AuthErrorCodeInvalidSender`-Indicatesaninvalidsenderemailissetintheconsoleforthisaction.+`AuthErrorCodeInvalidMessagePayload`-Indicatesaninvalidemailtemplateforsendingupdateemail.+`AuthErrorCodeUserNotFound`-Indicatestheuseraccountwasnotfound.+`AuthErrorCodeMissingIosBundleID`-IndicatesthattheiOSbundleIDismissingwhenaiOSAppStoreIDisprovided.+`AuthErrorCodeMissingAndroidPackageName`-Indicatesthattheandroidpackagenameismissingwhenthe`androidInstallApp`flagissettotrue.+`AuthErrorCodeUnauthorizedDomain`-IndicatesthatthedomainspecifiedinthecontinueURLisnotallowlistedintheFirebaseconsole.+`AuthErrorCodeInvalidContinueURI`-IndicatesthatthedomainspecifiedinthecontinueURLisnotvalid.

    Declaration

    Objective-C

    -(void)sendEmailVerificationWithActionCodeSettings:(nonnullFIRActionCodeSettings*)actionCodeSettingscompletion:(nullablevoid(^)(NSError*_Nullable))completion;

    Parameters

    actionCodeSettings

    AnActionCodeSettings object containing settings related tohandling action codes.

  • Deletes the user account (also signs out the user, if this was the current user).

    Possible error codes:

    +`AuthErrorCodeRequiresRecentLogin`-Updatingemailisasecuritysensitiveoperationthatrequiresarecentloginfromtheuser.Thiserrorindicatestheuserhasnotsignedinrecentlyenough.Toresolve,reauthenticatetheuserbycalling`reauthenticate(with:)`.

    SeeAuthErrors for a list of error codes that are common to allUser methods.

    Declaration

    Objective-C

    -(void)deleteWithCompletion:(nullablevoid(^)(NSError*_Nullable))completion;

    Parameters

    completion

    Optionally; the block invoked when the request to delete the account iscomplete, or fails. Invoked asynchronously on the main thread in the future.

  • Send an email to verify the ownership of the account then update to the new email.

    Declaration

    Objective-C

    -(void)sendEmailVerificationBeforeUpdatingEmail:(nonnullNSString*)emailcompletion:(nullablevoid(^)(NSError*_Nullable))completion;

    Parameters

    email

    The email to be updated to.

    completion

    Optionally; the block invoked when the request to send the verificationemail is complete, or fails.

  • Send an email to verify the ownership of the account then update to the new email.

    Declaration

    Objective-C

    -(void)sendEmailVerificationBeforeUpdatingEmail:(nonnullNSString*)emailactionCodeSettings:(nonnullFIRActionCodeSettings*)actionCodeSettingscompletion:(nullablevoid(^)(NSError*_Nullable))completion;

    Parameters

    email

    The email to be updated to.

    actionCodeSettings

    AnActionCodeSettings object containing settings related tohandling action codes.

    completion

    Optionally; the block invoked when the request to send the verificationemail is complete, or fails.

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2024-02-06 UTC.