25

With Firebase I can sign up and login users using email addresses. However what if I want the app to be username based. For example, you would log in with "Bobzilla" instead of "Bob@mail.com"?

Is this possible with Firebase?

vikzilla
  • 3,998
  • 6
  • 36
  • 57

4 Answers4

30

There is no default username+password provider built into Firebase Authentication. But you can create your own custom identity provider using the instructions in the Firebase documentation. This requires code that runs in a trusted environment, for which you can use your own server or Cloud Functions for Firebase. There is now even an example of this in the functions-samples repo.

Alternatively: you can use the built-in email+password provider and simply add any domain behind the username. So once you have determined the user name, register your user with <username>@vikzillasapp.com.

Note that this will make it impossible to for the user to reset their password if they forget it, since Firebase uses the email address to send the password reset email.

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
  • 1
    Ok, so in my code I will tack on a domain to whatever unique username they enter. And so when they sign in I'll just append that domain to their username for authentication. Think I got it then; thanks! It is too bad we can't have control over the password though, as you mentioned if they ever want to change the password I'd have to capture their email as well. Which isn't the case for all apps; a lot of times an email isn't necessary for an app. – vikzilla Feb 01 '16 at 03:47
  • But if you cannot reset passwords in time given the user forget their information, isn't his a flawed approach? – Sauron Feb 20 '16 at 15:26
  • 39
    firebase REALLY needs away for you authenticate through user name. Not only email – Ben Akin Aug 11 '16 at 18:12
6

Instead of using a method where you assign an email address for the user, it might be a better option to lookup an email address in your database.

An example would be:

  1. Prompt the username to login with username and password
  2. Verify the username exists in your database and retrieve the corresponding email address for that account
  3. Pass this email address to the login process seamlessly
Scott D
  • 1,394
  • 1
  • 13
  • 17
  • 3
    Interesting idea. I think the problem would be that you would have to have all these emails open on your database. – StackAttack Dec 17 '17 at 11:48
  • It's a interesting idea, but only works if database read permissions don't require signed in user, unless you create a public separated usernames collection. – Hugo Passos May 17 '18 at 20:27
  • True, however, you would most likely make the database read permissions open because you wouldn't otherwise be able to verify an email exists already when creating an account (to prevent duplicate email addresses) – Scott D Jun 15 '18 at 14:08
  • 1
    Should be done as a cloud function that client calls thus the username/email combination is safeguarded server side, but then you have to pass plaintext passwords to cloud function. Could hash client side and handle registration via cloud function as well maybe, not sure how auth tokens would work with mobile SDKs though? What a mess... – Albert Renshaw Feb 15 '21 at 23:15
  • For some cases, it's not a trusted way retrieving the email address by username from the server and then sign in. Let's imagine your app is a social media, like instagram let's say. Everyone would learn the personal email addresses of the users from their usernames. I mean you would learn Jennifer Lopez's email address :) – yeulucay Nov 26 '22 at 19:30
5

You can use firebase custom auth. Custom auth is a method which user can login into app using custom token.

But, you need backend code, to create custom token when user send username and password to that backend.

Fortunately, now there is firebase cloud function, with http event, that can solve your problem easily. The step is :

  1. User send username and password to cloud function url via query params (GET) or request body (POST)

  2. Cloud funtion will check whether username and password is valid (ex: from realtime database)

  3. If the username and password valid, cloud function will create custom token using userId (you need to save the userId). And then send it to response body

  4. Client then can login using that customToken

Faruk
  • 5,438
  • 3
  • 30
  • 46
0

For future seekers; As Frank van Puffelen suggested

build an 'email' using the username of the user, such as: username@yourAppname.com this will be the email for Auth, but in order to send a reset password email you can use the firebase functions and using the Admin SDK you can send an email.

  1. build the Auth email username@yourAppName.com
  2. Store the real - correct email address in userclaims or db.
  3. Using firebase functions and Admin SDK, you can send the password reset to email address you want (After extracting it from the userclaims of the user object).
Morad Abed
  • 25
  • 4