Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
@capacitor-firebase/authentication
Advanced tools
- Version
- 0.2.0-dev.eeac0a7.1648649641
- Version published
- Weekly downloads
- 17K -7.14%
- Maintainers
- 1
Weekly downloads
- Created
@capacitor-firebase/authentication
⚡️ Capacitor plugin for Firebase Authentication.
Installation
npm install @capacitor-firebase/authentication firebase
npx cap sync
Add Firebase to your project if you haven't already (Android / iOS / Web).
On iOS, verify that this function is included in your app's AppDelegate.swift:
func application(_ app: UIApplication, open url: URL, options: [UIApplication.OpenURLOptionsKey : Any] = [:]) -> Bool {
return ApplicationDelegateProxy.shared.application(app, open: url, options: options)
}
The further installation steps depend on the selected authentication method:
- Apple Sign-In
- Facebook Sign-In
- GitHub Sign-In
- Google Sign-In
- Microsoft Sign-In
- Play Games Sign-In
- Twitter Sign-In
- Yahoo Sign-In
- Phone Number Sign-In
- Custom Token Sign-In
Attention: Please note that this plugin uses third-party SDKs to offer native sign-in. These SDKs can initialize on their own and collect various data. Here you can find more information.
Configuration
These configuration values are available:
| Prop | Type | Description | Default |
|---|---|---|---|
skipNativeAuth | boolean | Configure whether the plugin should skip the native authentication. Only needed if you want to use the Firebase JavaScript SDK. Only available for Android and iOS. | false |
providers | string[] | Configure which providers you want to use so that only the providers you need are fully initialized. If you do not configure any providers, they will be all initialized. Please note that this does not prevent the automatic initialization of third-party SDKs. Only available for Android and iOS. | ["apple.com", "facebook.com", "github.com", "google.com", "microsoft.com", "playgames.google.com", "twitter.com", "yahoo.com", "phone"] |
Examples
In capacitor.config.json:
{
"plugins": {
"FirebaseAuthentication": {
"skipNativeAuth": false,
"providers": ["apple.com", "google.com"]
}
}
}
In capacitor.config.ts:
/// <reference types="@capacitor/firebase-authentication" />
import { CapacitorConfig } from '@capacitor/cli';
const config: CapacitorConfig = {
plugins: {
FirebaseAuthentication: {
skipNativeAuth: false,
providers: ["apple.com", "google.com"],
},
},
};
export default config;
Demo
A working example can be found here: robingenz/capacitor-firebase-authentication-demo
Usage
import { FirebaseAuthentication } from '@capacitor-firebase/authentication';
const getCurrentUser = async () => {
const result = await FirebaseAuthentication.getCurrentUser();
return result.user;
};
const getIdToken = async () => {
const result = await FirebaseAuthentication.getIdToken();
return result.token;
};
const setLanguageCode = async () => {
await FirebaseAuthentication.setLanguageCode({ languageCode: 'en-US' });
};
const signInWithApple = async () => {
await FirebaseAuthentication.signInWithApple();
};
const signInWithFacebook = async () => {
await FirebaseAuthentication.signInWithFacebook();
};
const signInWithGithub = async () => {
await FirebaseAuthentication.signInWithGithub();
};
const signInWithGoogle = async () => {
await FirebaseAuthentication.signInWithGoogle();
};
const signInWithMicrosoft = async () => {
await FirebaseAuthentication.signInWithMicrosoft();
};
const signInWithPlayGames = async () => {
await FirebaseAuthentication.signInWithPlayGames();
};
const signInWithPhoneNumber = async () => {
const { verificationId } = await FirebaseAuthentication.signInWithPhoneNumber(
{
phoneNumber: '123456789',
},
);
const verificationCode = window.prompt(
'Please enter the verification code that was sent to your mobile device.',
);
await FirebaseAuthentication.signInWithPhoneNumber({
verificationId,
verificationCode,
});
};
const signInWithTwitter = async () => {
await FirebaseAuthentication.signInWithTwitter();
};
const signInWithYahoo = async () => {
await FirebaseAuthentication.signInWithYahoo();
};
const signOut = async () => {
await FirebaseAuthentication.signOut();
};
const useAppLanguage = async () => {
await FirebaseAuthentication.useAppLanguage();
};
const useEmulator = async () => {
await FirebaseAuthentication.useEmulator({
host: '10.0.2.2',
port: 9099,
});
};
API
getCurrentUser()getIdToken(...)setLanguageCode(...)signInWithApple(...)signInWithFacebook(...)signInWithGithub(...)signInWithGoogle(...)signInWithMicrosoft(...)signInWithPlayGames(...)signInWithTwitter(...)signInWithYahoo(...)signInWithPhoneNumber(...)signInWithCustomToken(...)signOut()useAppLanguage()useEmulator(...)addListener('authStateChange', ...)removeAllListeners()- Interfaces
- Type Aliases
getCurrentUser()
getCurrentUser() => Promise<GetCurrentUserResult>
Fetches the currently signed-in user.
Returns: Promise<GetCurrentUserResult>
getIdToken(...)
getIdToken(options?: GetIdTokenOptions | undefined) => Promise<GetIdTokenResult>
Fetches the Firebase Auth ID Token for the currently signed-in user.
| Param | Type |
|---|---|
options | GetIdTokenOptions |
Returns: Promise<GetIdTokenResult>
setLanguageCode(...)
setLanguageCode(options: SetLanguageCodeOptions) => Promise<void>
Sets the user-facing language code for auth operations.
| Param | Type |
|---|---|
options | SetLanguageCodeOptions |
signInWithApple(...)
signInWithApple(options?: SignInOptions | undefined) => Promise<SignInResult>
Starts the Apple sign-in flow.
| Param | Type |
|---|---|
options | SignInOptions |
Returns: Promise<SignInResult>
signInWithFacebook(...)
signInWithFacebook(options?: SignInOptions | undefined) => Promise<SignInResult>
Starts the Facebook sign-in flow.
| Param | Type |
|---|---|
options | SignInOptions |
Returns: Promise<SignInResult>
signInWithGithub(...)
signInWithGithub(options?: SignInOptions | undefined) => Promise<SignInResult>
Starts the GitHub sign-in flow.
| Param | Type |
|---|---|
options | SignInOptions |
Returns: Promise<SignInResult>
signInWithGoogle(...)
signInWithGoogle(options?: SignInOptions | undefined) => Promise<SignInResult>
Starts the Google sign-in flow.
| Param | Type |
|---|---|
options | SignInOptions |
Returns: Promise<SignInResult>
signInWithMicrosoft(...)
signInWithMicrosoft(options?: SignInOptions | undefined) => Promise<SignInResult>
Starts the Microsoft sign-in flow.
| Param | Type |
|---|---|
options | SignInOptions |
Returns: Promise<SignInResult>
signInWithPlayGames(...)
signInWithPlayGames(options?: SignInOptions | undefined) => Promise<SignInResult>
Starts the Play Games sign-in flow.
| Param | Type |
|---|---|
options | SignInOptions |
Returns: Promise<SignInResult>
signInWithTwitter(...)
signInWithTwitter(options?: SignInOptions | undefined) => Promise<SignInResult>
Starts the Twitter sign-in flow.
| Param | Type |
|---|---|
options | SignInOptions |
Returns: Promise<SignInResult>
signInWithYahoo(...)
signInWithYahoo(options?: SignInOptions | undefined) => Promise<SignInResult>
Starts the Yahoo sign-in flow.
| Param | Type |
|---|---|
options | SignInOptions |
Returns: Promise<SignInResult>
signInWithPhoneNumber(...)
signInWithPhoneNumber(options: SignInWithPhoneNumberOptions) => Promise<SignInWithPhoneNumberResult>
Starts the sign-in flow using a phone number.
Either the phone number or the verification code and verification ID must be provided.
Only available for Android and iOS.
| Param | Type |
|---|---|
options | SignInWithPhoneNumberOptions |
Returns: Promise<SignInWithPhoneNumberResult>
signInWithCustomToken(...)
signInWithCustomToken(options: SignInWithCustomTokenOptions) => Promise<SignInResult>
Starts the Custom Token sign-in flow.
This method cannot be used in combination with skipNativeAuth on Android and iOS.
In this case you have to use the signInWithCustomToken interface of the Firebase JS SDK directly.
| Param | Type |
|---|---|
options | SignInWithCustomTokenOptions |
Returns: Promise<SignInResult>
signOut()
signOut() => Promise<void>
Starts the sign-out flow.
useAppLanguage()
useAppLanguage() => Promise<void>
Sets the user-facing language code to be the default app language.
useEmulator(...)
useEmulator(options: UseEmulatorOptions) => Promise<void>
Instrument your app to talk to the Authentication emulator.
| Param | Type |
|---|---|
options | UseEmulatorOptions |
addListener('authStateChange', ...)
addListener(eventName: 'authStateChange', listenerFunc: AuthStateChangeListener) => Promise<PluginListenerHandle> & PluginListenerHandle
Listen for the user's sign-in state changes.
| Param | Type |
|---|---|
eventName | 'authStateChange' |
listenerFunc | AuthStateChangeListener |
Returns: Promise<PluginListenerHandle> & PluginListenerHandle
removeAllListeners()
removeAllListeners() => Promise<void>
Remove all listeners for this plugin.
Interfaces
GetCurrentUserResult
| Prop | Type | Description |
|---|---|---|
user | User | null | The currently signed-in user, or null if there isn't any. |
User
| Prop | Type |
|---|---|
displayName | string | null |
email | string | null |
emailVerified | boolean |
isAnonymous | boolean |
phoneNumber | string | null |
photoUrl | string | null |
providerId | string |
tenantId | string | null |
uid | string |
GetIdTokenResult
| Prop | Type | Description |
|---|---|---|
token | string | The Firebase Auth ID token JWT string. |
GetIdTokenOptions
| Prop | Type | Description |
|---|---|---|
forceRefresh | boolean | Force refresh regardless of token expiration. |
SetLanguageCodeOptions
| Prop | Type | Description |
|---|---|---|
languageCode | string | BCP 47 language code. Example: en-US. |
SignInResult
| Prop | Type | Description |
|---|---|---|
user | User | null | The currently signed-in user, or null if there isn't any. |
credential | AuthCredential | null | Credentials returned by an auth provider. |
AuthCredential
| Prop | Type | Description |
|---|---|---|
providerId | string | The authentication provider ID for the credential. Example: google.com. |
accessToken | string | The OAuth access token associated with the credential if it belongs to an OAuth provider. |
idToken | string | The OAuth ID token associated with the credential if it belongs to an OIDC provider. |
secret | string | The OAuth access token secret associated with the credential if it belongs to an OAuth 1.0 provider. |
nonce | string | The random string used to make sure that the ID token you get was granted specifically in response to your app's authentication request. |
SignInOptions
| Prop | Type | Description |
|---|---|---|
customParameters | SignInCustomParameter[] | Configures custom parameters to be passed to the identity provider during the OAuth sign-in flow. |
SignInCustomParameter
| Prop | Type | Description |
|---|---|---|
key | string | The custom parameter key (e.g. login_hint). |
value | string | The custom parameter value (e.g. user@firstadd.onmicrosoft.com). |
SignInWithPhoneNumberResult
| Prop | Type | Description |
|---|---|---|
verificationId | string | The verification ID, which is needed to identify the verification code. |
SignInWithPhoneNumberOptions
| Prop | Type | Description |
|---|---|---|
phoneNumber | string | The phone number to be verified. |
verificationId | string | The verification ID which will be returned when signInWithPhoneNumber is called for the first time. The verificationCode must also be provided. |
verificationCode | string | The verification code from the SMS message. The verificationId must also be provided. |
SignInWithCustomTokenOptions
| Prop | Type | Description |
|---|---|---|
token | string | The custom token to sign in with. |
UseEmulatorOptions
| Prop | Type | Description |
|---|---|---|
host | string | The emulator host (e.g. 10.0.2.2). |
port | number | The emulator port (e.g. 9099). Default: 9099 |
PluginListenerHandle
| Prop | Type |
|---|---|
remove | () => Promise<void> |
AuthStateChange
| Prop | Type | Description |
|---|---|---|
user | User | null | The currently signed-in user, or null if there isn't any. |
Type Aliases
AuthStateChangeListener
Callback to receive the user's sign-in state change notifications.
(change: AuthStateChange): void
FAQ
- What does this plugin do?
This plugin enables the use of Firebase Authentication in a Capacitor app. It uses the Firebase SDK for Java (Android), Swift (iOS) and JavaScript. - What is the difference between the web implementation of this plugin and the Firebase JS SDK?
The web implementation of this plugin encapsulates the Firebase JS SDK and enables a consistent interface across all platforms. You can decide if you prefer to use the web implementation or the Firebase JS SDK. - What is the difference between the native and web authentication?
For web authentication, the Firebase JS SDK is used. This only works to a limited extent on Android and iOS in the WebViews (see here). For native authentication, the native SDKs from Firebase, Google, etc. are used. These offer all the functionalities that the Firebase JS SDK also offers on the web. However, after a login with the native SDK, the user is only logged in on the native layer of the app. If the user should also be logged in on the web layer, additional steps are required (see here). - How can I use this plugin with the Firebase JavaScript SDK?
See here.
Changelog
See CHANGELOG.md.
License
See LICENSE.
Credits
This plugin is based on the Capacitor Firebase Authentication plugin. Thanks to everyone who contributed to the project!
FAQs
Capacitor plugin for Firebase Authentication.
The npm package @capacitor-firebase/authentication receives a total of 13,331 weekly downloads. As such, @capacitor-firebase/authentication popularity was classified as popular.
We found that @capacitor-firebase/authentication demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 30 Mar 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025