firebase-auth-basics

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Prerequisites

前提条件

Firebase Project: Created via

npx -y firebase-tools@latest projects:create

(see

firebase-basics

Firebase CLI: Installed and logged in (see
```
firebase-basics
```
).

Firebase 项目：通过

npx -y firebase-tools@latest projects:create

创建（详见

firebase-basics

）。

Firebase CLI：已安装并登录（详见
```
firebase-basics
```
）。

Core Concepts

核心概念

Firebase Authentication provides backend services, easy-to-use SDKs, and ready-made UI libraries to authenticate users to your app.

Firebase Authentication 提供后端服务、易用的 SDK 以及现成的 UI 库，用于验证应用用户身份。

Users

用户

A user is an entity that can sign in to your app. Each user is identified by a unique ID (

uid

) which is guaranteed to be unique across all providers. User properties include:

```
uid
```
: Unique identifier.
```
email
```
: User's email address (if available).
```
displayName
```
: User's display name (if available).
```
photoURL
```
: URL to user's photo (if available).
```
emailVerified
```
: Boolean indicating if the email is verified.

用户是可登录应用的实体。每个用户由唯一 ID（

uid

）标识，该 ID 在所有提供商中保证唯一。用户属性包括：

```
uid
```
：唯一标识符。
```
email
```
：用户的电子邮箱（若可用）。
```
displayName
```
：用户的显示名称（若可用）。
```
photoURL
```
：用户头像的 URL（若可用）。
```
emailVerified
```
：表示邮箱是否已验证的布尔值。

Identity Providers

身份提供商

Firebase Auth supports multiple ways to sign in:

Email/Password: Basic email and password authentication.
Federated Identity Providers: Google, Facebook, Twitter, GitHub, Microsoft, Apple, etc.
Phone Number: SMS-based authentication.
Anonymous: Temporary guest accounts that can be linked to permanent accounts later.
Custom Auth: Integrate with your existing auth system.

Google Sign In is recommended as a good and secure default provider.

Firebase Auth 支持多种登录方式：

邮箱/密码：基础的邮箱密码验证。
联合身份提供商：Google、Facebook、Twitter、GitHub、Microsoft、Apple 等。
手机号码：基于 SMS 的验证。
匿名登录：临时访客账户，后续可关联至永久账户。
自定义身份验证：与现有身份验证系统集成。

推荐将 Google 登录作为安全可靠的默认提供商。

Tokens

令牌

When a user signs in, they receive an ID Token (JWT). This token is used to identify the user when making requests to Firebase services (Realtime Database, Cloud Storage, Firestore) or your own backend.

ID Token: Short-lived (1 hour), verifies identity.
Refresh Token: Long-lived, used to get new ID tokens.

用户登录后，会获得一个 ID Token（JWT）。该令牌用于在向 Firebase 服务（实时数据库、Cloud Storage、Firestore）或自有后端发起请求时标识用户身份。

ID Token：短期有效（1小时），用于验证身份。
Refresh Token：长期有效，用于获取新的 ID Token。

Workflow

工作流程

1. Provisioning

1. 配置步骤

Option 1. Enabling Authentication via CLI

选项1：通过 CLI 启用身份验证

Only Google Sign In, anonymous auth, and email/password auth can be enabled via CLI. For other providers, use the Firebase Console.

Configure Firebase Authentication in

firebase.json

by adding an 'auth' block:

{
  "auth": {
    "providers": {
      "anonymous": true,
      "emailPassword": true,
      "googleSignIn": {
        "oAuthBrandDisplayName": "Your Brand Name",
        "supportEmail": "support@example.com",
        "authorizedRedirectUris": ["https://example.com"]
      }
    }
  }
}

CRITICAL: After configuring

firebase.json

, you MUST deploy the auth configuration to the Firebase backend for the changes to take effect. This is essential for auth providers like Google Sign-In, email/password, etc. to auto-generate the necessary OAuth clients for your app platforms. Run:

bash

npx -y firebase-tools@latest deploy --only auth

仅 Google 登录、匿名验证和邮箱/密码验证可通过 CLI 启用。其他提供商需使用 Firebase 控制台。

在

firebase.json

中添加 'auth' 块来配置 Firebase Authentication：

{
  "auth": {
    "providers": {
      "anonymous": true,
      "emailPassword": true,
      "googleSignIn": {
        "oAuthBrandDisplayName": "Your Brand Name",
        "supportEmail": "support@example.com",
        "authorizedRedirectUris": ["https://example.com"]
      }
    }
  }
}

重要提示：配置

firebase.json

后，必须将身份验证配置部署到 Firebase 后端，更改才能生效。这对于 Google 登录、邮箱/密码等身份提供商自动为应用平台生成必要的 OAuth 客户端至关重要。运行以下命令：

bash

npx -y firebase-tools@latest deploy --only auth

Option 2. Enabling Authentication in Console

选项2：在控制台中启用身份验证

Enable other providers in the Firebase Console.

Go to the https://console.firebase.google.com/project/_/authentication/providers
Select your project.
Enable the desired Sign-in providers (e.g., Email/Password, Google).

在 Firebase 控制台中启用其他提供商。

访问 https://console.firebase.google.com/project/_/authentication/providers
选择你的项目。
启用所需的登录提供商（如邮箱/密码、Google）。

2. Client Setup & Usage

2. 客户端设置与使用

Web See references/client_sdk_web.md.

Flutter See references/flutter_setup.md. Android (Kotlin) See references/client_sdk_android.md.

Web 详见 references/client_sdk_web.md。

Flutter 详见 references/flutter_setup.md。 Android (Kotlin) 详见 references/client_sdk_android.md。

3. Security Rules

3. 安全规则

Secure your data using

request.auth

in Firestore/Storage rules.

See references/security_rules.md.

在 Firestore/Storage 规则中使用

request.auth

保护数据安全。

详见 references/security_rules.md。