You're viewing the legacy docs. They are deprecated as of May 18, 2016.
These docs are for version 2.5.2 and below of the Java SDK. Go to our current docs, or see our Android migration guide.

Java Android Guide

GitHub Authentication

Configuring Your Application

To get started with GitHub authentication, you need to first create a new GitHub application. Click the Register new application button at the top right of that page and fill in a name, description, and website for your application. Set the Authorization callback URL to<YOUR-FIREBASE-APP>/auth/github/callback so that GitHub's OAuth service can properly communicate with Firebase.

After configuring your GitHub application, head on over to the Login & Auth section in your App Dashboard. Enable GitHub authentication and then copy your GitHub application credentials (Client ID and Client Secret) into the appropriate inputs. You can find your GitHub application's client ID and secret at the top of the application's GitHub dashboard.

To use GitHub authentication in an Android environment you'll need to follow the GitHub API Non-Web Application Flow.

Authenticating GitHub Users to Your Firebase App

Once your application has been setup to log users in with the GitHub provider, your application can take advantage of Security and Firebase Rules to protect your data.

To log a user in, you will need a GitHub OAuth access token returned by the login flow provided by the GitHub API:

Firebase ref = new Firebase("https://<YOUR-FIREBASE-APP>");
ref.authWithOAuthToken("github", "<OAuth Token>", new Firebase.AuthResultHandler() {
    public void onAuthenticated(AuthData authData) {
        // the GitHub user is now authenticated with your Firebase app

    public void onAuthenticationError(FirebaseError firebaseError) {
        // there was an error

The authData object returned to your callback contains the following getter methods:

authData Object
Field Description Type
getUid() A unique user ID, intended as the user's unique key across all providers. String
getProvider() The authentication method used, in this case: github. String
getToken() The Firebase authentication token for this session. String
getAuth() The contents of the authentication token, which will be available as the auth variable within your Security and Firebase Rules. Map<String,Object>
getExpires() A timestamp, in seconds since the UNIX epoch, indicating when the authentication token expires. Long
getProviderData() A Map containing provider-specific data. Map<String,Object>
getProviderData().get("id") The Github user's ID. String
getProviderData().get("accessToken") The Github OAuth 2.0 access token granted by Github during user authentication. String
getProviderData().get("displayName") The Github user's full name. String
getProviderData().get("email") The GitHub user's primary, verified email address as listed on their profile. Returned only if a primary, verified email address is available, and the GitHub user:email scope was granted by the user. String
getProviderData().get("username") The Github user's username. String
getProviderData().get("profileImageURL") The URL of the Github user's profile picture. String
getProviderData().get("cachedUserProfile") The GitHub user's raw profile, as specified by GitHub's user documentation. Note that the data included in this payload is generated by GitHub and may be changed by them at any time. Map<String,String>

Security & Rules

Now that the client is logged in, your Security and Firebase Rules have access to their verified account data. The auth variable contains the following values:

auth Variable
Field Description Type
uid A unique user ID, intended as the user's unique key across all providers. String
provider The authentication method used, in this case: github. String

Here is an example of how to use the auth variable in your Security and Firebase Rules:

  "rules": {
    "users": {
      "$uid": {
        // grants write access to the owner of this user account whose uid must exactly match the key ($uid)
        ".write": "auth !== null && auth.uid === $uid",

        // grants read access to any user who is logged in github
        ".read": "auth !== null && auth.provider === 'github'"
See the User Based Security articles for more details.
  1. 1


    Installation & Setup

  2. 2


    Understanding Data

  3. 3


    Saving Data

  4. 4


    Retrieving Data

  5. 5


    Structuring Data

  6. 6


    Understanding Security

  7. 7


    User Authentication

  8. 8


    Offline Capabilities