You're viewing the legacy docs. They are deprecated as of May 18, 2016.
These docs are for version 2.5.1 and below of the Objective-C SDK. Go to our current docs, or see our iOS migration guide.

Objective-C and Swift iOS Guide

Email & Password Authentication

Authenticating Users with Email & Password

Firebase makes it easy to integrate email and password authentication into your app. Firebase automatically stores your users' credentials securely (using bcrypt) and redundantly (daily off-site backups).

This separates sensitive user credentials from your application data, and lets you focus on the user interface and experience for your app.

Creating User Accounts

Firebase provides a number of methods for account creation and management, letting you have full control over the interface for your application. Create new user accounts with the following snippet:

Firebase *ref = [[Firebase alloc] initWithUrl:@"https://<YOUR-FIREBASE-APP>.firebaseio.com"];
[ref createUser:@"bobtony@example.com" password:@"correcthorsebatterystaple"
    withValueCompletionBlock:^(NSError *error, NSDictionary *result) {

    if (error) {
        // There was an error creating the account
    } else {
        NSString *uid = [result objectForKey:@"uid"];
        NSLog(@"Successfully created user account with uid: %@", uid);
    }
}];
let ref = Firebase(url: "https://<YOUR-FIREBASE-APP>.firebaseio.com")
ref.createUser("bobtony@example.com", password: "correcthorsebatterystaple",
    withValueCompletionBlock: { error, result in

    if error != nil {
        // There was an error creating the account
    } else {
        let uid = result["uid"] as? String
        println("Successfully created user account with uid: \(uid)")
    }
})
Creating an account will not log that new account in.

Logging Users In

Once an account has been created, you can log a user in to that account like so:

Firebase *ref = [[Firebase alloc] initWithUrl:@"https://<YOUR-FIREBASE-APP>.firebaseio.com"];
[ref authUser:@"bobtony@example.com" password:@"correcthorsebatterystaple"
    withCompletionBlock:^(NSError *error, FAuthData *authData) {

    if (error) {
        // There was an error logging in to this account
    } else {
        // We are now logged in
    }
}];
let ref = Firebase(url: "https://<YOUR-FIREBASE-APP>.firebaseio.com")
ref.authUser("bobtony@example.com", password: "correcthorsebatterystaple",
    withCompletionBlock: { error, authData in

    if error != nil {
        // There was an error logging in to this account
    } else {
        // We are now logged in
    }
})

The FAuthData object returned to your block contains the following fields:

FAuthData
Field Description Type
uid A unique user ID, intended as the user's unique key across all providers. NSString
provider The authentication method used, in this case: password. NSString
token The Firebase authentication token for this session. NSString
auth The contents of the authentication token, which will be available as the auth variable within your Security and Firebase Rules. NSDictionary
expires A timestamp, in seconds since the UNIX epoch, indicating when the authentication token expires. NSNumber
providerData A dictionary containing provider-specific data. NSDictionary
providerData[@"email"] The user's email address. NSString
providerData[@"profileImageURL"] The URL to the user's Gravatar profile image, which is retrieved from hashing the user's email. If the user does not have a Gravatar profile, then a pixelated face is used. NSString
providerData[@"isTemporaryPassword"] Whether or not the user authenticated using a temporary password, as used in password reset flows. BOOL

Security & Rules

Now that the client is logged in, your Security and Firebase Rules have access to their unique user ID. The auth variable contains the following values:

auth Variable
Field Description Type
uid A unique user ID, intended as the user's unique key across all providers. String
provider The authentication method used, in this case: password. String

Here is an example of how to use the auth variable in your Security and Firebase Rules:

{
  "rules": {
    "users": {
      "$uid": {
        // grants write access to the owner of this user account whose uid must exactly match the key ($uid)
        ".write": "auth !== null && auth.uid === $uid",

        // grants read access to any user who is logged in with an email and password
        ".read": "auth !== null && auth.provider === 'password'"
      }
    }
  }
}
See the User Authentication and User Based Security articles for more details.

Changing Emails

You can change the email for a user using the existing email address and password as shown:

Firebase *ref = [[Firebase alloc] initWithUrl:@"https://<YOUR-FIREBASE-APP>.firebaseio.com"];
[ref changeEmailForUser:@"oldemail@firebase.com" password:@"correcthorsebatterystaple"
    toNewEmail:@"newemail@firebase.com" withCompletionBlock:^(NSError *error) {

    if (error) {
        // There was an error processing the request
    } else {
        // Email changed successfully
    }
}];
let ref = Firebase(url: "https://<YOUR-FIREBASE-APP>.firebaseio.com")
ref.changeEmailForUser("oldemail@example.com", password: "correcthorsebatterystaple",
    toNewEmail: "newemail@firebase.com", withCompletionBlock: { error in

    if error != nil {
        // There was an error processing the request
    } else {
        // Email changed successfully
    }
})

Changing Passwords

You can change the password for a user using the email address and current password as shown:

Firebase *ref = [[Firebase alloc] initWithUrl:@"https://<YOUR-FIREBASE-APP>.firebaseio.com"];
[ref changePasswordForUser:@"bobtony@example.com" fromOld:@"correcthorsebatterystaple"
    toNew:@"batteryhorsestaplecorrect" withCompletionBlock:^(NSError *error) {

    if (error) {
        // There was an error processing the request
    } else {
        // Password changed successfully
    }
}];
let ref = Firebase(url: "https://<YOUR-FIREBASE-APP>.firebaseio.com")
ref.changePasswordForUser("bobtony@example.com", fromOld: "correcthorsebatterystaple",
    toNew: "batteryhorsestaplecorrect", withCompletionBlock: { error in

    if error != nil {
        // There was an error processing the request
    } else {
        // Password changed successfully
    }
})

Sending Password Reset Emails

You can send the user a password reset email using the email address for that account:

Firebase *ref = [[Firebase alloc] initWithUrl:@"https://<YOUR-FIREBASE-APP>.firebaseio.com"];
[ref resetPasswordForUser:@"bobtony@example.com" withCompletionBlock:^(NSError *error) {
    if (error) {
        // There was an error processing the request
    } else {
        // Password reset sent successfully
    }
}];
let ref = Firebase(url: "https://<YOUR-FIREBASE-APP>.firebaseio.com")
ref.resetPasswordForUser("bobtony@example.com", withCompletionBlock: { error in

    if error != nil {
        // There was an error processing the request
    } else {
        // Password reset sent successfully
    }
})

Deleting Users

You can delete a user using their email address and password as shown below:

Firebase *ref = [[Firebase alloc] initWithUrl:@"https://<YOUR-FIREBASE-APP>.firebaseio.com"];
[ref removeUser:@"bobtony@example.com" password:@"correcthorsebatterystaple"
    withCompletionBlock:^(NSError *error) {

    if (error) {
        // There was an error processing the request
    } else {
        // User deleted
    }
}];
let ref = Firebase(url: "https://<YOUR-FIREBASE-APP>.firebaseio.com")
ref.removeUser("bobtony@example.com", password: "correcthorsebatterystaple",
    withCompletionBlock: { error in

    if error != nil {
        // There was an error processing the request
    } else {
        // Password changed successfully
    }
})
  1. 1

    Next

    Installation & Setup

  2. 2

    Next

    Understanding Data

  3. 3

    Next

    Saving Data

  4. 4

    Next

    Retrieving Data

  5. 5

    Next

    Structuring Data

  6. 6

    Next

    Understanding Security

  7. 7

    Next

    User Authentication

  8. 8

    Next

    Offline Capabilities