You're viewing the legacy docs. They are deprecated as of May 18, 2016.
These docs are for version 2.5.2 and below of the Java SDK. Go to our current docs, or see our Android migration guide.

Java Android Guide

Anonymous Authentication

Anonymous Authentication

Firebase Authentication provides an easy way to create anonymous guest accounts in your application, which lets you enforce user-specific Security and Firebase Rules without requiring credentials from your users.

Each time a user authenticates anonymously, a new, unique user ID will be generated, and your Firebase database reference will be authenticated using these new credentials. The session will live until its configured expiration time in the Login & Auth tab of your App Dashboard, or when you explicitly end the session by calling unauth().

This is particularly useful in applications where you don't want to require account creation or log in, but security rules are required to ensure that users only have access to a specific set of data.

Signing Users In Anonymously

Once an account has been created, you can sign a user in to that account like so:

Firebase ref = new Firebase("https://<YOUR-FIREBASE-APP>");
ref.authAnonymously(new Firebase.AuthResultHandler() {
    public void onAuthenticated(AuthData authData) {
        // we've authenticated this session with your Firebase app

    public void onAuthenticationError(FirebaseError firebaseError) {
        // there was an error

The authData object returned to your callback contains the following getter methods:

authData Object
Field Description Type
getUid() A unique user ID, intended as the user's unique key across all providers. String
getProvider() The authentication method used, in this case: anonymous. String
getToken() The Firebase authentication token for this session. String
getAuth() The contents of the authentication token, which will be available as the auth variable within your Security and Firebase Rules. Map<String,Object>
getExpires() A timestamp, in seconds since the UNIX epoch, indicating when the authentication token expires. Long
getProviderData() A Map containing provider-specific data. In this case, an empty Map. Map<String,Object>

Security & Rules

Now that the client is logged in, your Security and Firebase Rules have access to their unique user ID. The auth variable contains the following values:

auth Variable
Field Description Type
provider The authentication method used, in this case, anonymous. String
uid A unique ID combining the provider and ID, intended as the user's unique key across all providers. String

Here is an example of how to use the auth variable in your Security and Firebase Rules:

  "rules": {
    "users": {
      "$uid": {
        // grants write access to the owner of this user account whose uid must exactly match the key ($uid)
        ".write": "auth !== null && auth.uid === $uid",

        // grants read access to any user who is logged in anonymously
        ".read": "auth !== null && auth.provider === 'anonymous'"
See the User Based Security articles for more details.
  1. 1


    Installation & Setup

  2. 2


    Understanding Data

  3. 3


    Saving Data

  4. 4


    Retrieving Data

  5. 5


    Structuring Data

  6. 6


    Understanding Security

  7. 7


    User Authentication

  8. 8


    Offline Capabilities