Testing the Persistence of Firebase’s Anonymous Authentication

Rob Jones
Rob Jones
Dec 1, 2020 · 8 min read
Image for post
Image for post

You may be wondering if you can integrate Firebase’s anonymous authentication in your application and still maintain some level of persistence (and security) with your back-end. This article details what happens to anonymous authentication credentials after performing different actions with the app.

Here’s the TL;DR summary:

Closing the app and re-opening it from the emulator: Persists

Closing the app and re-running it from the IDE: Persists

Signing in anonymously multiple times: Persists

Signing out and signing back in: Does not Persist

Deleting the app’s cache: Persists

Deleting the app’s data (storage): Does not Persist

Using shared_preferences and clearing its data: Persists

Deleting the app and reinstalling: Does not Persist

Setting up:

The three plugins being used and their versions:

firebase_core: ^0.5.2+1

firebase_auth: ^0.18.3+1

(Test 7 only) shared_preferences: ‘>=0.5.12+2 <2.0.0’

I created a default Flutter project on Android and modified it to add some RaisedButtons to do a few different things:

  • Login anonymously via Firebase
  • Check the login status with Firebase
  • Check what the user’s Unique ID (UID) is
  • Sign out

The output of each button will be displayed above the buttons. Further, a count of how many times the “Sign in Anonymously” button is tapped in a session is displayed.

Our starting screen with buttons for calling authentication-related functions
Our starting screen with buttons for calling authentication-related functions
Our starting screen

Import firebase_core and firebase_auth:

import 'package:firebase_auth/firebase_auth.dart' as auth;import 'package:firebase_core/firebase_core.dart';

Create the FirebaseAuth instance:

final auth.FirebaseAuth _auth = auth.FirebaseAuth.instance;

Our “Sign in Anonymously” code:

await _auth.signInAnonymously();
///Asynchronously creates and becomes an anonymous user.

Our “Check Login Status” code:

auth.User user = _auth.currentUser;
///Check if user is null

Our “Get UID” code:

auth.User user = _auth.currentUser;
/// user.uid will return the UID

Our “Sign Out” code:

_auth.signOut();
///Signs out the current user.
///If successful, it also updates any [authStateChanges], ///[idTokenChanges] or [userChanges] stream listeners.

A few new methods will be added in Test 7 regarding shared_preferences.

The final code is at the end of this article.

Test 1: Sign in, close app, re-open app from emulator, check Login Status and UID

After tapping “Sign in Anonymously,” “Check Login Status,” and “Get UID,” we get the following:

Showing we are signed in anonymously and assigned a UID
Showing we are signed in anonymously and assigned a UID

Now, let’s close the app, re-open it, and check again. Note that I am not closing the app and then running the app in the IDE — I’m opening the app from the emulator directly.

Tap “Check Login Status” and “Get UID” to see our results:

Still logged in, same UID
Still logged in, same UID

Login Status — Never changed

UID — Never changed

With anonymous authentication, when the user closes the app and then reopens it later, they will still be logged in anonymously with the same UID.

Test 2: Sign in, close app, rebuild app from IDE, check Login Status and UID

Running it from the IDE the first time we get the following results:

Same session as the last test with the same UID
Same session as the last test with the same UID

Again, the same session is persisting from Test 1 (still logged in with the same UID).

Now we stop the app from the IDE and run the app from the IDE again. Tapping the “Check Login Status” and “Get UID” buttons produces the following:

Same UID — nothing changed
Same UID — nothing changed

Still logged in with the same UID, so it does persist as it did in Test 1.

Test 3: Sign in Anonymously multiple times

Same UID — nothing changed
Same UID — nothing changed

After the second “Sign in Anonymously,” “Check Login Status,” and “Get UID” taps, here is our UID:

Showing we have the same UID after signing in anonymously while already signed in anonymously
Showing we have the same UID after signing in anonymously while already signed in anonymously
Second “Sign in Anonymously” tap

It’s all still the same.

After the 10th tap, here is our UID:

Same UID even after 10 anonymous sign-ins
Same UID even after 10 anonymous sign-ins
Ten “Sign in Anonymously” taps

Still the same.

After the 50th tap, here is our UID:

Same UID even after 50 anonymous sign-ins
Same UID even after 50 anonymous sign-ins
Fifty “Sign in Anonymously” taps

Nothing changed. The same session/UID persists after signing in anonymously numerous times.

Per firebase_auth regarding this test:

If there is already an anonymous user signed in, that user will be returned instead. If there is any other existing user signed in, that user will be signed out.

Test 4: Signing out and Signing in

Here is our current UID (same as the end of Test 3):

Same UID as last test
Same UID as last test
Same UID as last test

Now we will tap “Sign Out” and then “Sign In Anonymously.” After tapping “Get UID,” here is what we get:

After signing out and signing back in, we are given a new UID, so Firebase sees it as a new user
After signing out and signing back in, we are given a new UID, so Firebase sees it as a new user
After signing out and signing in again, we get a new UID

As you would expect, our last session has ended and we have a new UID.

Test 5: Deleting the app’s cache

Let’s get the current UID (it’s the same session as at the end of Test 4):

Same UID as we had at the end of the last test
Same UID as we had at the end of the last test

Now close the app and delete (clear) the app’s cache:

Showing we will be clearing the cache of the app
Showing we will be clearing the cache of the app
To find this on API 30: Tap and hold the app icon -> App Info -> Storage and cache

Now re-open the app (from the emulator) and tap “Check Login Status” and “Get UID”:

After clearing the app’s cache, we still have the same session/UID
After clearing the app’s cache, we still have the same session/UID

Same session — same UID. Nothing changed, so it does indeed persist if you clear the app’s cache.

Test 6: Deleting the app’s data (storage)

First, run the app from the IDE and check the login status and get the current UID:

Same login session/UID as at the end of the last test
Same login session/UID as at the end of the last test

Same session and UID as at the end of Test 5.

Close the app and delete the app’s data (storage):

The screen where we clear our app’s storage
The screen where we clear our app’s storage
To find this on API 30: Tap and hold the app icon -> App Info -> Storage and cache

You can see we get the warning about how all accounts and files will be deleted. We will confirm the delete:

The prompt where you confirm you want to delete the app’s data
The prompt where you confirm you want to delete the app’s data

Re-open the app (from the emulator) and tap “Check Login Status”:

After clearing the app’s storage, we have been un-authenticated from Firebase
After clearing the app’s storage, we have been un-authenticated from Firebase
Clearing the app’s storage has deleted our Firebase session

Deleting the app’s data has removed our anonymous login session, so we will no longer have the same UID.

Just to confirm, tap “Sign in Anonymously” and “Get UID” to see what the UID is:

We have been given a new UID
We have been given a new UID

It’s a new UID; thus, deleting the app’s data (storage) will terminate our anonymous session.

Test 7: Clearing shared_preferences

I’ll install the shared_preferences plugin, import it, and add a few more RaisedButtons to:

  • Save something to the device with shared_preferences. This will .setString() with the key “myKey”:
SharedPreferences prefs =await SharedPreferences.getInstance();prefs.setString("myKey", "Hello this is my value in sharedPrefs");
  • Retrieve that data with shared_preferences to confirm it works. This will .getString() with the “myKey” key:
SharedPreferences prefs =await SharedPreferences.getInstance();String prefsData = prefs.getString("myKey");
  • Call .clear() on shared_preferences to delete the saved data:
SharedPreferences prefs =await SharedPreferences.getInstance();bool cleared = await prefs.clear();

The result of the button actions will be displayed above with the other result data.

After saving the data and retrieving it with the “Save data…” and “Get data…” buttons, respectively, here is our result:

Shared preferences worked with saving and retrieving our String data — and note that we have the same UID
Shared preferences worked with saving and retrieving our String data — and note that we have the same UID

The data was successfully saved and retrieved with shared_preferences, so we know it’s working. You can also see that we have the same anonymous session with the same UID as we did at the end of Test 6.

Now let’s tap the “Clear data…” button and then “Get data…” to be sure that our .clear() call worked:

Successfully cleared our Shared Preferences data
Successfully cleared our Shared Preferences data

It worked as expected. Tap the “Check Login Status” and “Get UID” buttons again to check if the session is still the same:

Clearing the data with SharedPreferences did not affect our Firebase authentication data
Clearing the data with SharedPreferences did not affect our Firebase authentication data
Nothing changed with our login status or UID

Nothing changed — we are still logged in and the UID is the same. Clearing our SharedPreferences instance had no effect on our anonymous authentication.

Just to be thorough, we will close the app and re-open it in the emulator and check our login status again:

Opening the app after clearing our SharedPreferences data still shows us logged in with the same UID
Opening the app after clearing our SharedPreferences data still shows us logged in with the same UID

It’s still all good.

Test 8: Deleting the app and then reinstalling

We will get our current UID, delete the app from the emulator, use the IDE to reinstall the same version of the app, and then get our login status/UID.

Our current UID (same as the end of Test 7):

Signed in anonymously with the same session as at the end of Test 7
Signed in anonymously with the same session as at the end of Test 7

Delete (uninstall) the app from the emulator:

Our app’s uninstall button
Our app’s uninstall button
To find this on API 30: Tap and hold the app icon -> App Info

Re-install the app by running it in the IDE. After it has finished installing, tap “Check Login Status” and we see:

Uninstalling the app has removed our Firebase anonymous authentication session (as expected)
Uninstalling the app has removed our Firebase anonymous authentication session (as expected)
No longer signed in

Our anonymous session has terminated and we no longer have the UID. Tap “Sign in Anonymously” and check the UID:

Signing in again has given us a new session/UID
Signing in again has given us a new session/UID

Different UID = different anonymous user according to Firebase.

Thanks for the read — I hope one or more of these tests helped answer your questions about how persistent Firebase’s anonymous login method is. Reach out if you have any other test suggestions or questions.

Here is the full code:

The Startup

Medium's largest active publication, followed by +756K people. Follow to join our community.

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store