You may be wondering if you can integrate Firebase’s anonymous authentication in your application and still maintain some level of persistence (and security) with your back-end. This article details what happens to anonymous authentication credentials after performing different actions with the app.
Here’s the TL;DR summary:
Closing the app and re-opening it from the emulator: Persists
Closing the app and re-running it from the IDE: Persists
Signing in anonymously multiple times: Persists
Signing out and signing back in: Does not Persist
Deleting the app’s cache: Persists
Deleting the app’s data (storage): Does not Persist
Using shared_preferences and clearing its data: Persists
Deleting the app and reinstalling: Does not Persist
Since this article is strictly about anonymous authentication persistence, I am omitting the process of setting up the app and enabling anonymous authentication within Firebase. For instructions on how to set up your app with anonymous authentication,see the firebase_auth pub.dev page and the documentation from Firebase.
The three plugins being used and their versions:
(Test 7 only) shared_preferences: ‘>=0.5.12+2 <2.0.0’
I created a default Flutter project on Android and modified it to add some
RaisedButtons to do a few different things:
- Login anonymously via Firebase
- Check the login status with Firebase
- Check what the user’s Unique ID (UID) is
- Sign out
The output of each button will be displayed above the buttons. Further, a count of how many times the “Sign in Anonymously” button is tapped in a session is displayed.
import 'package:firebase_auth/firebase_auth.dart' as auth;import 'package:firebase_core/firebase_core.dart';
final auth.FirebaseAuth _auth = auth.FirebaseAuth.instance;
Our “Sign in Anonymously” code:
///Asynchronously creates and becomes an anonymous user.
Our “Check Login Status” code:
auth.User user = _auth.currentUser;
///Check if user is null
Our “Get UID” code:
auth.User user = _auth.currentUser;
/// user.uid will return the UID
Our “Sign Out” code:
///Signs out the current user.
///If successful, it also updates any [authStateChanges], ///[idTokenChanges] or [userChanges] stream listeners.
A few new methods will be added in Test 7 regarding
The final code is at the end of this article.
Test 1: Sign in, close app, re-open app from emulator, check Login Status and UID
All we are doing here is signing in anonymously, getting the UID, closing the app, and then re-launching the app in the emulator to make sure we are still logged in and have the same UID we did before closing the app.
After tapping “Sign in Anonymously,” “Check Login Status,” and “Get UID,” we get the following:
Now, let’s close the app, re-open it, and check again. Note that I am not closing the app and then running the app in the IDE — I’m opening the app from the emulator directly.
Tap “Check Login Status” and “Get UID” to see our results:
Login Status — Never changed
UID — Never changed
With anonymous authentication, when the user closes the app and then reopens it later, they will still be logged in anonymously with the same UID.
Test 2: Sign in, close app, rebuild app from IDE, check Login Status and UID
Similar to Test 1, but instead of launching the app from the same build on the emulator, we are running it from the IDE and checking if anything changed.
Running it from the IDE the first time we get the following results:
Again, the same session is persisting from Test 1 (still logged in with the same UID).
Now we stop the app from the IDE and run the app from the IDE again. Tapping the “Check Login Status” and “Get UID” buttons produces the following:
Still logged in with the same UID, so it does persist as it did in Test 1.
Test 3: Sign in Anonymously multiple times
Here we will be calling the
signInAnonymously method multiple times to see if anything changes. Here is our UID (same as the end result of Test 2):
After the second “Sign in Anonymously,” “Check Login Status,” and “Get UID” taps, here is our UID:
It’s all still the same.
After the 10th tap, here is our UID:
Still the same.
After the 50th tap, here is our UID:
Nothing changed. The same session/UID persists after signing in anonymously numerous times.
Per firebase_auth regarding this test:
If there is already an anonymous user signed in, that user will be returned instead. If there is any other existing user signed in, that user will be signed out.
Test 4: Signing out and Signing in
We will call the
signOut method with the “Sign Out” button and then tap the “Sign in Anonymously” button again to see if a new UID is generated.
Here is our current UID (same as the end of Test 3):
Now we will tap “Sign Out” and then “Sign In Anonymously.” After tapping “Get UID,” here is what we get:
As you would expect, our last session has ended and we have a new UID.
Test 5: Deleting the app’s cache
We will get the current UID, go to the app in the emulator and delete the app’s cache, then re-open the app (from the emulator) and check the login status/UID then.
Let’s get the current UID (it’s the same session as at the end of Test 4):
Now close the app and delete (clear) the app’s cache:
Now re-open the app (from the emulator) and tap “Check Login Status” and “Get UID”:
Same session — same UID. Nothing changed, so it does indeed persist if you clear the app’s cache.
Test 6: Deleting the app’s data (storage)
Almost identical to the steps we took in Test 5, we will delete the app’s data (storage) and see if the UID changes:
First, run the app from the IDE and check the login status and get the current UID:
Same session and UID as at the end of Test 5.
Close the app and delete the app’s data (storage):
You can see we get the warning about how all accounts and files will be deleted. We will confirm the delete:
Re-open the app (from the emulator) and tap “Check Login Status”:
Deleting the app’s data has removed our anonymous login session, so we will no longer have the same UID.
Just to confirm, tap “Sign in Anonymously” and “Get UID” to see what the UID is:
It’s a new UID; thus, deleting the app’s data (storage) will terminate our anonymous session.
Test 7: Clearing
You may use the plugin shared_preferences to store data locally on the device.
shared_preferences has a
.clear() function that will delete anything that is stored by that plugin.
I’ll install the
shared_preferences plugin, import it, and add a few more
- Save something to the device with
shared_preferences. This will
.setString()with the key “myKey”:
SharedPreferences prefs =await SharedPreferences.getInstance();prefs.setString("myKey", "Hello this is my value in sharedPrefs");
- Retrieve that data with
shared_preferencesto confirm it works. This will
.getString()with the “myKey” key:
SharedPreferences prefs =await SharedPreferences.getInstance();String prefsData = prefs.getString("myKey");
shared_preferencesto delete the saved data:
SharedPreferences prefs =await SharedPreferences.getInstance();bool cleared = await prefs.clear();
The result of the button actions will be displayed above with the other result data.
After saving the data and retrieving it with the “Save data…” and “Get data…” buttons, respectively, here is our result:
The data was successfully saved and retrieved with
shared_preferences, so we know it’s working. You can also see that we have the same anonymous session with the same UID as we did at the end of Test 6.
Now let’s tap the “Clear data…” button and then “Get data…” to be sure that our
.clear() call worked:
It worked as expected. Tap the “Check Login Status” and “Get UID” buttons again to check if the session is still the same:
Nothing changed — we are still logged in and the UID is the same. Clearing our
SharedPreferences instance had no effect on our anonymous authentication.
Just to be thorough, we will close the app and re-open it in the emulator and check our login status again:
It’s still all good.
Test 8: Deleting the app and then reinstalling
You can probably guess what will happen here, but we will do it anyway.
We will get our current UID, delete the app from the emulator, use the IDE to reinstall the same version of the app, and then get our login status/UID.
Our current UID (same as the end of Test 7):
Delete (uninstall) the app from the emulator:
Re-install the app by running it in the IDE. After it has finished installing, tap “Check Login Status” and we see:
Our anonymous session has terminated and we no longer have the UID. Tap “Sign in Anonymously” and check the UID:
Different UID = different anonymous user according to Firebase.
Thanks for the read — I hope one or more of these tests helped answer your questions about how persistent Firebase’s anonymous login method is. Reach out if you have any other test suggestions or questions.
Here is the full code: