You're viewing the legacy docs. They are deprecated as of May 18, 2016.
These docs are for version 2.5.2 and below of the Java SDK. Go to our current docs, or see our Android migration guide.

Java Android Guide

Facebook Authentication

Configuring Your Application

To get started with Facebook authentication, you need to first create a new Facebook application. Click the Add a New App button in the top right of that page and select Android as your platform. Then choose an App ID and click Create New Facebook App ID. Select your app's category and click Create App ID. Skip to the App Info section of the quickstart and fill out the Package Name and Default Activity Class Name. In the next step, add the Development Key Hashes for your Android application. When your app is ready to be published, add your Release Key Hashes. Then click on Skip to Developer Dashboard at the end of the quickstart.

Next, you'll need to get your app credentials from Facebook. In your Facebook app configuration, click on the Settings tab on the left-hand navigation menu. Click on the Basic tab at the top of the page. Towards the top of this page, you will see your App ID and App Secret. Your App ID will be displayed in plain text and you can view your App Secret by clicking on the Show button and typing in your Facebook password. Copy these Facebook application credentials (App ID and Secret) into the Login & Auth section in your App Dashboard.

You'll need to add the Facebook SDK for Android to your application. Follow these steps: Getting Started with the Facebook SDK for Android.

Next, you will need to configure your application to support plugging into the Facebook SDK in order to log users in. Follow these steps: Facebook Login Flow for Android.

Adding Contact Information

Facebook requires that you have a valid contact email specified in order to make your app available to all users. You can specify this email address from the same Basic tab within the Settings section. After you have provided your email, click on Save Changes. The last thing you need to do to approve your app is click on the Status & Review tab on the left-hand navigation menu and move the slider at the top of that page to the Yes position. When prompted with a popup, click Confirm. Your app will now be live and can be used with Firebase.

Authenticating Facebook Users to Your Firebase App

Once your application has been set up to log users in with the Facebook provider, your application can take advantage of Security and Firebase Rules to protect your data.

To log a user in, you will need your Facebook App ID. In addition, you will need the access token returned by the login flow provided by the Facebook SDK. Following the setup provided by Facebook, you can plug into Firebase authentication in the onFacebookAccessTokenChange() handler:

Firebase ref = new Firebase("https://<YOUR-FIREBASE-APP>");

private void onFacebookAccessTokenChange(AccessToken token) {
    if (token != null) {
        // Exchange the Facebook access token for a Firebase session
        ref.authWithOAuthToken("facebook", token.getToken(), new Firebase.AuthResultHandler() {
            @Override
            public void onAuthenticated(AuthData authData) {
                // The Facebook user is now authenticated with your Firebase app
            }

            @Override
            public void onAuthenticationError(FirebaseError firebaseError) {
                // there was an error
            }
        });
    } else {
        /* Logged out of Facebook so do a logout from the Firebase app */
        ref.unauth();
    }
}

The authData object returned to your callback contains the following getter methods:

authData Object

| Field | Description | Type |
| --- | --- | --- |
| getUid() | A unique user ID, intended as the user's unique key across all providers. | String |
| getProvider() | The authentication method used, in this case: facebook. | String |
| getToken() | The Firebase authentication token for this session. | String |
| getAuth() | The contents of the authentication token, which will be available as the auth variable within your Security and Firebase Rules. | Map<String,Object> |
| getExpires() | A timestamp, in seconds since the UNIX epoch, indicating when the authentication token expires. | Long |
| getProviderData() | A Map containing provider-specific data. | Map<String,Object> |
| getProviderData().get("id") | The Facebook user's ID. This ID is unique to each Facebook application and cannot be used across different apps. | String |
| getProviderData().get("accessToken") | The Facebook OAuth 2.0 access token granted by Facebook during user authentication. | String |
| getProviderData().get("displayName") | The Facebook user's full name. | String |
| getProviderData().get("email") | The Facebook user's primary email address as listed on their profile. Returned only if a valid email address is available, and the Facebook email permission was granted by the user. | String |
| getProviderData().get("profileImageURL") | The URL of the Facebook user's profile picture. | String |
| getProviderData().get("cachedUserProfile") | The Facebook user's raw profile, as specified by Facebook's user documentation. Note that the data included in this payload is generated by Facebook and may be changed by them at any time. | Map<String,String> |

Security & Rules

Now that the client is logged in, your Security and Firebase Rules have access to their verified account data. The auth variable contains the following values:

auth Variable

| Field | Description | Type |
| --- | --- | --- |
| uid | A unique user ID, intended as the user's unique key across all providers. | String |
| provider | The authentication method used, in this case: facebook. | String |

Here is an example of how to use the auth variable in your Security and Firebase Rules:

{
  "rules": {
    "users": {
      "$uid": {
        // grants write access to the owner of this user account whose uid must exactly match the key ($uid)
        ".write": "auth !== null && auth.uid === $uid",

        // grants read access to any user who is logged in with Facebook
        ".read": "auth !== null && auth.provider === 'facebook'"
      }
    }
  }
}

See the User Based Security articles for more details.
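
The following is an added example, not code from the original Firebase docs. It ties the authData getters to the rules above: an AuthResultHandler that, on login, writes a small profile to /users/<uid>. The class name FacebookProfileWriter, the PUBLIC_FIELDS allow-list and the choice of stored fields are assumptions of this example; it needs the legacy Firebase client (com.firebase.client) on the classpath.

```java
import com.firebase.client.AuthData;
import com.firebase.client.Firebase;
import com.firebase.client.FirebaseError;
import java.util.HashMap;
import java.util.Map;

// Added example, not Firebase's code. Usage (ref and token as in the login snippet):
//   ref.authWithOAuthToken("facebook", token.getToken(), new FacebookProfileWriter(ref));
public class FacebookProfileWriter implements Firebase.AuthResultHandler {

    // Allow-list (this example's choice) of providerData keys to store. "accessToken",
    // "email" and "cachedUserProfile" are left out: the ".read" rule lets any user
    // logged in with Facebook read any /users/<uid> record.
    private static final String[] PUBLIC_FIELDS = {"displayName", "profileImageURL"};

    private final Firebase ref;

    public FacebookProfileWriter(Firebase ref) {
        this.ref = ref;
    }

    // Builds the record to store; touches no network or SDK state.
    static Map<String, Object> publicProfile(String provider, Map<String, Object> providerData) {
        Map<String, Object> profile = new HashMap<String, Object>();
        profile.put("provider", provider);
        for (String field : PUBLIC_FIELDS) {
            Object value = providerData.get(field);
            if (value != null) {
                profile.put(field, value);
            }
        }
        return profile;
    }

    @Override
    public void onAuthenticated(AuthData authData) {
        // The key must be getUid(): the ".write" rule requires auth.uid === $uid.
        ref.child("users").child(authData.getUid())
           .setValue(publicProfile(authData.getProvider(), authData.getProviderData()));
    }

    @Override
    public void onAuthenticationError(FirebaseError firebaseError) {
        // Login failed: there is no authenticated uid, so nothing is written.
    }
}
```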