You can let your users authenticate with Firebase using their Apple ID by using the Firebase SDK and the Apple Sign In extension to carry out the end-to-end OAuth 2.0 sign-in flow.
Important: To sign in with an Apple account, users must:
- Have an Apple ID with two-factor authentication (2FA) enabled.
- Be signed in to iCloud on an Apple device.
See How to use Sign in with Apple. You will also need to meet these requirements to test your integration with Sign In with Apple.
To sign in users using Apple, first configure Sign In with Apple on Apple's developer site, then enable Apple as a sign-in provider for your Firebase project.
Follow the guide in the:
For iOS devices you will need access to the AppleSignIn extension to perform the "Sign in with Apple".
The iOS authentication with Firebase is a two step process similar to many of the other providers. You will firstly perform the normal Sign in with Apple process and then authenticate with Firebase.
To perform this step you will need to add the AppleSignIn extension.
Then to perform the actual sign in setup the standard
AppleSignInOptions and call
Once you have successfully performed the Sign in with Apple you will need to use the Apple Id credentials to construct a Firebase
OAuthCredential. You will need the ID Token and the raw nonce from the success event.
It is important to note that the credentials returned from the Apple Sign In ANE are base64 encoded so you will need to decode them before passing to Firebase
Then use these values to create the
apple.com as the provider id:
Once you have created the
OAuthCredential object you call
signInWithCredential() passing in this
This may return
false if your
credential was invalid.
If successful you will receive the
FirebaseAuthEvent.SIGNIN_WITH_CREDENTIAL_COMPLETE which will indicate the success of the sign in:
The AppleSignIn extension is not required for Android, the parts that we implemented in that ANE are replicated by Firebase. The easiest way to authenticate your users with Firebase using their Apple accounts is to handle the entire sign-in flow with the Firebase Android SDK.
To handle the sign-in flow with the Firebase Android SDK, follow these steps:
- Construct an instance of the
- Optional: Specify additional OAuth 2.0 scopes beyond the default that you want to request from the authentication provider using
- Optional: If you want to display Apple's sign-in screen in a language other than English, set the locale parameter.
- Authenticate with Firebase using the OAuth provider object by calling
startSignInWithProviderand awaiting the
FirebaseAuthEvent.SIGNIN_WITH_PROVIDER_COMPLETE. Note that unlike other FirebaseAuth operations, this will take control of your UI by opening a Custom Chrome Tab.
This completes with the
Once you have completed the authentication with Firebase ou should expect the normal
FirebaseAuthEvent.AUTHSTATE_CHANGED event indicating that a user was authenticated and then you will be able to retrieve the user's details using the standard
getCurrentUser() where one of the providers will be the Apple details.
Unlike other providers supported by Firebase Auth, Apple does not provide a photo URL.
Also, when the user chooses not to share their email with the app, Apple provisions a unique email address for that user (of the form email@example.com), which it shares with your app. If you configured the private email relay service, Apple forwards emails sent to the anonymized address to the user's real email address.
Apple only shares user information such as the display name with apps the first time a user signs in. Usually, Firebase stores the display name the first time a user signs in with Apple, which you can get with the above. However, if you previously used Apple to sign a user in to the app without using Firebase, Apple will not provide Firebase with the user's display name.
The following example demonstrates how to use the above concepts across both Android and iOS using the auth state changed event to listen for the user authentication.