You're viewing the legacy docs. They are deprecated as of May 18, 2016.
These docs are for version 2.5.2 and below of the Java SDK. Go to our current docs, or see our Android migration guide.

Java Android Guide

Email & Password Authentication

Authenticating Users with Email & Password

Firebase makes it easy to support email and password authentication in your app. Firebase automatically stores your users' credentials securely (using bcrypt) and redundantly (with replication and daily off-site backups).

This separates sensitive user credentials from your application data, and lets you focus on the user interface and experience for your app.

Creating User Accounts

Firebase exposes a number of Java convenience methods for account creation and management, letting you have full control over the interface for your application. Create new user accounts with the following snippet:

Firebase ref = new Firebase("https://<YOUR-FIREBASE-APP>.firebaseio.com");
ref.createUser("bobtony@firebase.com", "correcthorsebatterystaple", new Firebase.ValueResultHandler<Map<String, Object>>() {
    @Override
    public void onSuccess(Map<String, Object> result) {
        System.out.println("Successfully created user account with uid: " + result.get("uid"));
    }

    @Override
    public void onError(FirebaseError firebaseError) {
        // there was an error
    }
});
Creating an account will not log that new account in.

Logging Users In

Once an account has been created, you can log a user in with the following snippet:

Firebase ref = new Firebase("https://<YOUR-FIREBASE-APP>.firebaseio.com");
ref.authWithPassword("bobtony@firebase.com", "correcthorsebatterystaple", new Firebase.AuthResultHandler() {
    @Override
    public void onAuthenticated(AuthData authData) {
        System.out.println("User ID: " + authData.getUid() + ", Provider: " + authData.getProvider());
    }

    @Override
    public void onAuthenticationError(FirebaseError firebaseError) {
        // there was an error
    }
});

The authData object returned to your callback contains the following getter methods:

authData Object
Field Description Type
getUid() A unique user ID, intended as the user's unique key across all providers. String
getProvider() The authentication method used, in this case: password. String
getToken() The Firebase authentication token for this session. String
getAuth() The contents of the authentication token, which will be available as the auth variable within your Security and Firebase Rules. Map<String,Object>
getExpires() A timestamp, in seconds since the UNIX epoch, indicating when the authentication token expires. Long
getProviderData() A Map containing provider-specific data. Map<String,Object>
getProviderData().get("email") The user's email address. String
getProviderData().get("profileImageURL") The URL to the user's Gravatar profile image, which is retrieved from hashing the user's email. If the user does not have a Gravatar profile, then a pixelated face is used. String
getProviderData().get("isTemporaryPassword") Whether or not the user authenticated using a temporary password, as used in password reset flows. Boolean

Security & Rules

Now that the client is logged in, your Security and Firebase Rules have access to their unique user ID. The auth variable contains the following values:

auth Variable
Field Description Type
uid A unique user ID, intended as the user's unique key across all providers. String
provider The authentication method used, in this case: password. String

Here is an example of how to use the auth variable in your Security and Firebase Rules:

{
  "rules": {
    "users": {
      "$uid": {
        // grants write access to the owner of this user account whose uid must exactly match the key ($uid)
        ".write": "auth !== null && auth.uid === $uid",

        // grants read access to any user who is logged in with an email and password
        ".read": "auth !== null && auth.provider === 'password'"
      }
    }
  }
}
See the User Based Security articles for more details.

Changing Emails

You can change the email for a user using the existing email address and password as shown:

Firebase ref = new Firebase("https://<YOUR-FIREBASE-APP>.firebaseio.com");
ref.changeEmail("oldemail@firebase.com", "password", "newemail@firebase.com", new Firebase.ResultHandler() {
    @Override
    public void onSuccess() {
        // email changed
    }

    @Override
    public void onError(FirebaseError firebaseError) {
        // error encountered
    }
});

Changing Passwords

You can change the password for a user using the email address and current password as shown:

Firebase ref = new Firebase("https://<YOUR-FIREBASE-APP>.firebaseio.com");
ref.changePassword("bobtony@firebase.com", "correcthorsebatterystaple", "securenewpassword", new Firebase.ResultHandler() {
    @Override
    public void onSuccess() {
        // password changed
    }

    @Override
    public void onError(FirebaseError firebaseError) {
        // error encountered
    }
});

Sending Password Reset Emails

You can send the user a password reset email using the email address for that account:

Firebase ref = new Firebase("https://<YOUR-FIREBASE-APP>.firebaseio.com");
ref.resetPassword("bobtony@firebase.com", new Firebase.ResultHandler() {
    @Override
    public void onSuccess() {
        // password reset email sent
    }

    @Override
    public void onError(FirebaseError firebaseError) {
        // error encountered
    }
});

Removing Users

You can remove a user using their email address and password as shown below:

Firebase ref = new Firebase("https://<YOUR-FIREBASE-APP>.firebaseio.com");
ref.removeUser("bobtony@firebase.com", "correcthorsebatterystaple", new Firebase.ResultHandler() {
    @Override
    public void onSuccess() {
        // user removed
    }

    @Override
    public void onError(FirebaseError firebaseError) {
        // error encountered
    }
});
  1. 1

    Next

    Installation & Setup

  2. 2

    Next

    Understanding Data

  3. 3

    Next

    Saving Data

  4. 4

    Next

    Retrieving Data

  5. 5

    Next

    Structuring Data

  6. 6

    Next

    Understanding Security

  7. 7

    Next

    User Authentication

  8. 8

    Next

    Offline Capabilities