Firebase Auth Basics

1---2name: firebase-auth-basics3description: Guide for setting up and using Firebase Authentication. Use this skill when the user's app requires user sign-in, user management, or secure data access using auth rules.4compatibility: This skill is best used with the Firebase CLI, but does not require it. Firebase CLI can be accessed through `npx -y firebase-tools@latest`.5---6 7## Prerequisites8 9- **Firebase Project**: Created via `npx -y firebase-tools@latest projects:create` (see `firebase-basics`).10- **Firebase CLI**: Installed and logged in (see `firebase-basics`).11 12## Core Concepts13 14Firebase Authentication provides backend services, easy-to-use SDKs, and ready-made UI libraries to authenticate users to your app.15 16### Users17 18A user is an entity that can sign in to your app. Each user is identified by a unique ID (`uid`) which is guaranteed to be unique across all providers.19User properties include:20- `uid`: Unique identifier.21- `email`: User's email address (if available).22- `displayName`: User's display name (if available).23- `photoURL`: URL to user's photo (if available).24- `emailVerified`: Boolean indicating if the email is verified.25 26### Identity Providers27 28Firebase Auth supports multiple ways to sign in:29- **Email/Password**: Basic email and password authentication.30- **Federated Identity Providers**: Google, Facebook, Twitter, GitHub, Microsoft, Apple, etc.31- **Phone Number**: SMS-based authentication.32- **Anonymous**: Temporary guest accounts that can be linked to permanent accounts later.33- **Custom Auth**: Integrate with your existing auth system.34 35Google Sign In is recommended as a good and secure default provider.36 37### Tokens38 39When a user signs in, they receive an ID Token (JWT). This token is used to identify the user when making requests to Firebase services (Realtime Database, Cloud Storage, Firestore) or your own backend.40- **ID Token**: Short-lived (1 hour), verifies identity.41- **Refresh Token**: Long-lived, used to get new ID tokens.42 43## Workflow44 45### 1. Provisioning46 47#### Option 1. Enabling Authentication via CLI48 49Only Google Sign In, anonymous auth, and email/password auth can be enabled via CLI. For other providers, use the Firebase Console.50 51Configure Firebase Authentication in `firebase.json` by adding an 'auth' block:52 53```54{55  "auth": {56    "providers": {57      "anonymous": true,58      "emailPassword": true,59      "googleSignIn": {60        "oAuthBrandDisplayName": "Your Brand Name",61        "supportEmail": "support@example.com",62        "authorizedRedirectUris": ["https://example.com"]63      }64    }65  }66}67```68 69#### Option 2. Enabling Authentication in Console70 71Enable other providers in the Firebase Console.72 731.  Go to the https://console.firebase.google.com/project/_/authentication/providers742.  Select your project.753.  Enable the desired Sign-in providers (e.g., Email/Password, Google).76 77### 2. Client Setup & Usage78 79**Web**80See [references/client_sdk_web.md](references/client_sdk_web.md).81 82### 3. Security Rules83 84Secure your data using `request.auth` in Firestore/Storage rules.85 86See [references/security_rules.md](references/security_rules.md).