Enable social authentication in FlutterFlow by configuring each provider in Firebase Auth console — Google requires OAuth consent screen, Facebook requires an App ID and App Secret, and Apple sign-in is mandatory for any iOS app that offers social login. Account linking handles the case where the same email is used across multiple providers.
Social Authentication: Provider Setup and Apple's Requirements
FlutterFlow integrates with Firebase Authentication, which supports Google, Apple, Facebook, Twitter/X, GitHub, and more. The setup is provider-specific — each requires external developer console configuration before FlutterFlow can use it. The biggest mistake developers make is enabling Google and Facebook without Apple. Apple's App Store Review Guidelines (Guideline 4.8) require that any iOS app offering third-party social sign-in must also offer Sign in with Apple. Submitting without it results in app rejection. This tutorial covers the three most common providers and the account-linking flow that handles users who sign in with different providers using the same email address.
Prerequisites
- FlutterFlow project with Firebase connected
- Firebase project with Authentication enabled
- Google Cloud Console access for OAuth consent screen
- Apple Developer account ($99/yr) for Sign in with Apple
- Facebook Developer account and App created at developers.facebook.com
Step-by-step guide
Enable and configure Google Sign-In in Firebase
Enable and configure Google Sign-In in Firebase
Open Firebase console > Authentication > Sign-in method. Click Google and toggle the Enable switch. Firebase auto-generates the OAuth client ID — copy the Web client ID shown. Now open Google Cloud Console > APIs & Services > OAuth consent screen. Set the App name, user support email, and developer contact email. Under Scopes, ensure email and profile are listed. Under Test users, add your own email for development testing (the app is in testing mode until you publish the consent screen). Back in FlutterFlow, open Settings > Firebase Auth > Sign-In Providers > Google and ensure it is enabled. FlutterFlow reads the google-services.json (Android) and GoogleService-Info.plist (iOS) files you linked during Firebase setup — the SHA-1 fingerprint in your Android app must match what is registered in Firebase Project Settings.
Expected result: Google sign-in button in FlutterFlow preview opens the Google account selector and signs in successfully.
Configure Sign in with Apple — required for iOS
Configure Sign in with Apple — required for iOS
Apple sign-in setup has three parts. First, in Apple Developer console (developer.apple.com), open Certificates, Identifiers & Profiles > Identifiers. Find your App ID, click it, scroll to Capabilities, and enable Sign in with Apple. Second, create a Services ID under Identifiers — this is the OAuth client identifier. Enter your app's domains and return URLs; the return URL for Firebase is https://[your-project-id].firebaseapp.com/__/auth/handler. Third, create a Key under Keys > Add a new key, check Sign in with Apple, and download the .p8 key file (save it — you cannot download it again). In Firebase console > Authentication > Sign-in method > Apple, paste the Services ID, Team ID (10-character ID from your account), Key ID, and the contents of the .p8 file. In FlutterFlow, enable Apple under Sign-In Providers. Apple sign-in only works on real iOS devices — it will not function in the FlutterFlow web preview.
Expected result: On a real iOS device, tapping Sign in with Apple shows Apple's native authentication sheet and signs in to Firebase.
Set up Facebook Login in Firebase and Facebook Developer console
Set up Facebook Login in Firebase and Facebook Developer console
In Facebook Developer console (developers.facebook.com), create a new App of type Consumer. In the App Dashboard, go to Add a Product > Facebook Login > Set Up (Web). In Settings > Basic, copy the App ID and App Secret. In Firebase console > Authentication > Sign-in method > Facebook, paste the App ID and App Secret, then copy the OAuth redirect URI Firebase provides (e.g., https://[project-id].firebaseapp.com/__/auth/handler). Back in Facebook Developer console > Facebook Login > Settings, paste this URI into Valid OAuth Redirect URIs. Also add your app's domain to App Domains in Settings > Basic. In FlutterFlow, enable Facebook under Sign-In Providers and enter the App ID. For iOS, you must also add your Facebook App ID and Client Token to the info.plist via FlutterFlow's Custom Info Plist section.
1<!-- Add to iOS Info.plist via FlutterFlow Custom Info Plist -->2<key>CFBundleURLTypes</key>3<array>4 <dict>5 <key>CFBundleURLSchemes</key>6 <array>7 <string>fb[YOUR_FACEBOOK_APP_ID]</string>8 </array>9 </dict>10</array>11<key>FacebookAppID</key>12<string>[YOUR_FACEBOOK_APP_ID]</string>13<key>FacebookClientToken</key>14<string>[YOUR_FACEBOOK_CLIENT_TOKEN]</string>15<key>LSApplicationQueriesSchemes</key>16<array>17 <string>fbapi</string>18 <string>fb-messenger-share-api</string>19</array>Expected result: Facebook login button opens the Facebook OAuth flow and returns a signed-in Firebase user.
Handle account linking for same-email providers
Handle account linking for same-email providers
When a user first signs in with Google using alice@gmail.com, then later tries to sign in with Facebook using the same email, Firebase throws an auth/account-exists-with-different-credential error. In FlutterFlow, handle this in the Sign-In Action Flow: after the social sign-in action, add a conditional check on the error code. If the error is account-exists-with-different-credential, store the pending credential in App State, sign the user in with their original provider (show a message explaining the situation), then use a Custom Action to call FirebaseAuth.instance.currentUser.linkWithCredential(pendingCredential) to merge the accounts. After linking, both providers can sign in to the same account.
1// custom_actions/link_social_credential.dart2import 'package:firebase_auth/firebase_auth.dart';34Future<String> linkSocialCredential(AuthCredential pendingCredential) async {5 try {6 final user = FirebaseAuth.instance.currentUser;7 if (user == null) return 'not_signed_in';8 await user.linkWithCredential(pendingCredential);9 return 'success';10 } on FirebaseAuthException catch (e) {11 return e.code;12 }13}Expected result: A user who signs in with both Google and Facebook using the same email sees a single merged account in Firebase Authentication console.
Build the sign-in screen with all three social buttons
Build the sign-in screen with all three social buttons
In FlutterFlow, create a SignInPage. Add your app logo and a headline. Below it, add three Column-stacked buttons styled as per each platform's branding guidelines: Google (white background, Google logo, dark text), Apple (black background, Apple logo, white text — required by Apple's HIG), Facebook (blue background, Facebook logo, white text). Wire each button to the corresponding Firebase Auth social sign-in action. Add a Divider with 'or' text below the social buttons and place email/password fields below that for users who prefer traditional login. If isLoading page state is true (set before each sign-in action), show CircularProgressIndicator overlaying the buttons.
Expected result: Sign-in page displays all three branded social buttons, each triggering the correct authentication flow.
Complete working example
1import 'package:firebase_auth/firebase_auth.dart';2import 'package:google_sign_in/google_sign_in.dart';34/// Returns: 'success' | Firebase error code string5Future<String> signInWithGoogle() async {6 try {7 final googleUser = await GoogleSignIn().signIn();8 if (googleUser == null) return 'cancelled';910 final googleAuth = await googleUser.authentication;11 final credential = GoogleAuthProvider.credential(12 accessToken: googleAuth.accessToken,13 idToken: googleAuth.idToken,14 );1516 await FirebaseAuth.instance.signInWithCredential(credential);17 return 'success';18 } on FirebaseAuthException catch (e) {19 return e.code;20 } catch (_) {21 return 'unknown_error';22 }23}2425/// Links a pending credential to the currently signed-in user.26/// Call this after an account-exists-with-different-credential error.27Future<String> linkProviderCredential(AuthCredential pendingCredential) async {28 try {29 final user = FirebaseAuth.instance.currentUser;30 if (user == null) return 'not_signed_in';31 await user.linkWithCredential(pendingCredential);32 return 'success';33 } on FirebaseAuthException catch (e) {34 if (e.code == 'credential-already-in-use') {35 // The credential belongs to a different account — switch to it36 await FirebaseAuth.instance.signInWithCredential(pendingCredential);37 return 'switched';38 }39 return e.code;40 }41}4243/// Fetches which sign-in methods are registered for a given email.44/// Returns a list like ['google.com', 'password'] or empty list.45Future<List<String>> getSignInMethodsForEmail(String email) async {46 try {47 return await FirebaseAuth.instance.fetchSignInMethodsForEmail(email);48 } catch (_) {49 return [];50 }51}5253/// Signs out from all providers including Google.54Future<void> fullSignOut() async {55 await GoogleSignIn().signOut();56 await FirebaseAuth.instance.signOut();57}Common mistakes
Why it's a problem: Enabling Google and Facebook sign-in on iOS without also enabling Sign in with Apple
How to avoid: Always enable Sign in with Apple alongside any other social provider on iOS. Configure it in Apple Developer console, Firebase, and FlutterFlow before submitting to App Store.
Why it's a problem: Not handling the account-exists-with-different-credential error
How to avoid: Catch this specific error code in your Action Flow, explain to the user which provider they used originally, sign them in with that provider, and then call linkWithCredential to link the new provider.
Why it's a problem: Testing Apple sign-in in the FlutterFlow web preview
How to avoid: Test Apple sign-in exclusively on a real iOS device using FlutterFlow's Test Mode with a connected device, or by running the exported project in Xcode.
Why it's a problem: Forgetting to add the SHA-1 fingerprint for Google Sign-In on Android
How to avoid: In Firebase Project Settings > Your Apps > Android app, add both the debug SHA-1 (from keytool -list -v -keystore ~/.android/debug.keystore) and the release SHA-1 from your upload keystore.
Best practices
- Always include Sign in with Apple when shipping to the iOS App Store — Apple will reject your app without it if other social providers are present.
- Use a consistent button style per platform branding guidelines — Google requires the white button with Google logo, Apple requires black text on white or white text on black.
- Handle the account-exists-with-different-credential error gracefully with a user-friendly message rather than a raw error code.
- Store the user's linked provider list on their Firestore profile document so you can show which accounts are connected in a profile settings screen.
- Set Firebase Authentication email enumeration protection to prevent attackers from discovering which emails are registered.
- Test all social login flows on real devices before App Store submission — simulator testing misses provisioning and keychain issues.
- Add a loading overlay during sign-in to prevent double-taps from triggering multiple concurrent auth requests.
- Use Firebase Security Rules to ensure users can only read/write their own data, using auth.uid to scope access.
Still stuck?
Copy one of these prompts to get a personalized, step-by-step explanation.
I am implementing social media authentication in a FlutterFlow app using Firebase Auth. I need to support Google, Sign in with Apple, and Facebook. Explain the complete setup for each provider including: what to configure in each developer console, what to add to Firebase Authentication settings, and the Info.plist entries needed for iOS. Also write the account-linking logic for the case where the same email is already registered with a different provider.
In FlutterFlow, I have Google, Apple, and Facebook sign-in buttons on my login page. Build the Action Flow for the Facebook sign-in button that: shows a loading overlay, calls Firebase Facebook sign-in, handles the account-exists-with-different-credential error by storing the pending credential in App State and navigating to a link-accounts page, and on success navigates to the home page.
Frequently asked questions
Does Sign in with Apple work on Android and web?
Yes, Apple provides a JavaScript SDK for web and Firebase supports Apple sign-in on Android via the web-based OAuth flow. However, Apple only mandates it for iOS apps in the App Store. If your app is Android-only or web-only, Sign in with Apple is optional, though many apps include it for cross-platform consistency.
Why does Google Sign-In work in FlutterFlow preview but fail after export?
The FlutterFlow preview uses a shared signing certificate. After export, your app uses your own keystore, and the SHA-1 fingerprint changes. Add your release keystore's SHA-1 to Firebase Project Settings > Android app > Add fingerprint. For Play Store distribution, also add the SHA-1 from Google Play's App Signing key.
Can users sign in with Apple on a device that does not have an Apple ID?
No. Sign in with Apple requires the user to have an Apple ID and be signed in to iCloud on their device. If they are not, iOS prompts them to set up an Apple ID before the sign-in flow can proceed.
Does Apple share the user's real email address?
Apple gives users the choice to share their real email or to use a private relay email (e.g., xyz@privaterelay.appleid.com). Your app must handle both. If you send emails, configure your sender domain in Apple's Private Email Relay settings to ensure relay emails are delivered.
How do I let users unlink a social provider from their account?
Use a Custom Action that calls FirebaseAuth.instance.currentUser.unlink(providerId). For Google the providerId is 'google.com', for Apple 'apple.com', for Facebook 'facebook.com'. Only allow unlinking if the user has at least one other sign-in method (email/password or another social provider) so they are not locked out of their account.
Why is Facebook Login showing a blank white screen on iOS?
This is almost always a missing Info.plist entry. iOS requires the fb[APP_ID] URL scheme and the LSApplicationQueriesSchemes entries to open the Facebook app for authentication. Without them, the SDK falls back to a web view that sometimes renders blank. Add the Info.plist entries shown in Step 3 via FlutterFlow's Custom Info Plist feature.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation