
Firebase Auth Basics
Add Firebase sign-in, user profiles, and security rules when your app needs authenticated users.
Overview
firebase-auth-basics is an agent skill for the Build phase that guides Firebase Authentication setup, identity providers, and secure data access with auth rules.
Install
npx skills add https://github.com/firebase/agent-skills --skill firebase-auth-basics
What is this skill?
- Documents Firebase Auth core concepts: uid, email, displayName, photoURL, and emailVerified
- Covers Email/Password, federated providers (Google, Apple, GitHub, etc.), phone SMS, and anonymous-to-permanent linking
- Assumes Firebase CLI via `npx -y firebase-tools@latest` when tooling is needed
- Ties authentication to secure data access using Firebase auth rules
- Lists multiple identity provider families: email/password, federated OAuth, phone SMS, and anonymous accounts
Adoption & trust: 75.7k installs on skills.sh; 345 GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You need real users and protected data in Firebase but are unsure which providers to enable and how uids map to security rules.
Who is it for?
Solo builders shipping Firebase-backed apps who want standard sign-in options and rules without reading the entire Firebase docs tree first.
Skip if: Projects using a non-Firebase auth stack only, or apps with no user accounts and no auth-gated resources.
When should I use this skill?
The app requires user sign-in, user management, or secure data access using Firebase auth rules.
What do I get? / Deliverables
Your agent configures Firebase Auth flows and rule patterns so sign-in and user-scoped access work against your Firebase project.
- Configured auth provider setup and client integration steps
- Auth rules or access patterns scoped to authenticated uids
How it compares
Firebase-focused auth onboarding—not a generic OAuth tutorial detached from Firebase rules and CLI project setup.
Common Questions / FAQ
Who is firebase-auth-basics for?
Indie developers and small teams building on Firebase who need guided setup for sign-in, user records, and protected backend data.
When should I use firebase-auth-basics?
Use it in Build when you add login, social providers, phone auth, anonymous guests, or Firebase security rules that depend on authenticated uids.
Is firebase-auth-basics safe to install?
Treat CLI commands and rule changes as production-sensitive; review the Security Audits panel on this Prism page and your Firebase console before deploying rules.
Workflow Chain
Requires first: firebase basics
SKILL.md - Firebase Auth Basics
## Prerequisites

- **Firebase Project**: Created via `npx -y firebase-tools@latest projects:create` (see `firebase-basics`).
- **Firebase CLI**: Installed and logged in (see `firebase-basics`).

## Core Concepts

Firebase Authentication provides backend services, easy-to-use SDKs, and ready-made UI libraries to authenticate users to your app.

### Users

A user is an entity that can sign in to your app. Each user is identified by a unique ID (`uid`) which is guaranteed to be unique across all providers. User properties include:

- `uid`: Unique identifier.
- `email`: User's email address (if available).
- `displayName`: User's display name (if available).
- `photoURL`: URL to user's photo (if available).
- `emailVerified`: Boolean indicating if the email is verified.

### Identity Providers

Firebase Auth supports multiple ways to sign in:

- **Email/Password**: Basic email and password authentication.
- **Federated Identity Providers**: Google, Facebook, Twitter, GitHub, Microsoft, Apple, etc.
- **Phone Number**: SMS-based authentication.
- **Anonymous**: Temporary guest accounts that can be linked to permanent accounts later.
- **Custom Auth**: Integrate with your existing auth system.

Google Sign In is recommended as a good and secure default provider.

### Tokens

When a user signs in, they receive an ID Token (JWT). This token is used to identify the user when making requests to Firebase services (Realtime Database, Cloud Storage, Firestore) or your own backend.

- **ID Token**: Short-lived (1 hour), verifies identity.
- **Refresh Token**: Long-lived, used to get new ID tokens.

## Workflow

### 1. Provisioning

#### Option 1. Enabling Authentication via CLI

Only Google Sign In, anonymous auth, and email/password auth can be enabled via CLI. For other providers, use the Firebase Console.

Configure Firebase Authentication in `firebase.json` by adding an 'auth' block:

```
{
  "auth": {
    "providers": {
      "anonymous": true,
      "emailPassword": true,
      "googleSignIn": {
        "oAuthBrandDisplayName": "Your Brand Name",
        "supportEmail": "support@example.com",
        "authorizedRedirectUris": ["https://example.com"]
      }
    }
  }
}
```

**CRITICAL**: After configuring `firebase.json`, you MUST deploy the auth configuration to the Firebase backend for the changes to take effect. This is essential for auth providers like Google Sign-In, email/password, etc. to auto-generate the necessary OAuth clients for your app platforms. Run:

```bash
npx -y firebase-tools@latest deploy --only auth
```

#### Option 2. Enabling Authentication in Console

Enable other providers in the Firebase Console.

1. Go to the Firebase Console at https://console.firebase.google.com/project/_/authentication/providers
2. Select your project.
3. Enable the desired Sign-in providers (e.g., Email/Password, Google).

### 2. Client Setup & Usage

**Web** See [references/client_sdk_web.md](references/client_sdk_web.md).

**Flutter** See [references/flutter_setup.md](references/flutter_setup.md).

**Android (Kotlin)** See [references/client_sdk_android.md](references/client_sdk_android.md).

### 3. Security Rules

Secure your data using `request.auth` in Firestore/Storage rules. See [references/security_rules.md](references/security_rules.md).

# Authentication in Security Rules

Firebase Security Rules work with Firebase Authentication to provide rule-based access control. For better advice on writing safe security rules, enable the `firebase-firestore-basics` or `firebase-storage-basics` skills.

The `request.auth` variable contains authentication information for the user request
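
How the `uid`, `emailVerified` and anonymous-account concepts above map onto `request.auth` checks in Firestore rules, with a weak rule kept as a comment beside the scoped ones. This is an added example, not taken from the skill or its `references/security_rules.md`; the `users` and `posts` collections and the `authorUid` field are hypothetical.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // WEAK (commented out, for contrast): "signed in" is the only condition, so
    // any account, including an anonymous guest, can read and write every profile.
    //   match /users/{userId} { allow read, write: if request.auth != null; }

    // True only when the caller is signed in and their uid equals the path segment.
    function isOwner(userId) {
      return request.auth != null && request.auth.uid == userId;
    }

    // True for accounts that are not anonymous guests (call after isOwner).
    function isPermanent() {
      return request.auth.token.firebase.sign_in_provider != 'anonymous';
    }

    // Profile documents keyed by uid (hypothetical collection): owner-only access,
    // and guests must link to a permanent account before they can write.
    match /users/{userId} {
      allow read: if isOwner(userId);
      allow write: if isOwner(userId) && isPermanent();
    }

    // Hypothetical shared collection: any signed-in user reads; only accounts with
    // a verified email create, and the stored author must be the caller's own uid.
    match /posts/{postId} {
      allow read: if request.auth != null;
      allow create: if request.auth != null
                    && request.auth.token.email_verified == true
                    && request.resource.data.authorUid == request.auth.uid;
      allow update: if request.auth != null
                    && resource.data.authorUid == request.auth.uid
                    && request.resource.data.authorUid == resource.data.authorUid;
      allow delete: if request.auth != null
                    && resource.data.authorUid == request.auth.uid;
    }
  }
}
```

The `update` rule pins `authorUid` to its stored value so an author cannot reassign a post to another uid.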