Skip to content

Firebase Auth Email/Password — Complete Guide

DodaTech Updated 2026-06-24 2 min read

In this tutorial, you'll learn about Firebase Auth Email/Password. We cover key concepts, practical examples, and best practices to help you understand and apply this topic effectively.

The Problem

Your email/password signup crashes with a weak password error, or sign-in silently fails and the user stays logged out.

Wrong Approach ❌

// No error handling — app crashes on failure
FirebaseAuth.getInstance().createUserWithEmailAndPassword(email, password)
    .addOnCompleteListener { task -> /* Assume always succeeds */ }
// Weak password check after Firebase rejects it
FirebaseAuth.getInstance().signInWithEmailAndPassword(email, password)
    .addOnFailureListener { e ->
        // Firebase error messages are technical — don't show to user
        Toast.makeText(this, e.message, Toast.LENGTH_LONG).show()
    }

Output: App crashes on FirebaseAuthWeakPasswordException. Users see raw error messages.

Right Approach ✅

class AuthService(private val auth: FirebaseAuth) {

    sealed class AuthResult {
        data class Success(val user: FirebaseUser) : AuthResult()
        data class Error(val message: String) : AuthResult()
    }

    suspend fun signUp(email: String, password: String): AuthResult {
        return try {
            val result = auth.createUserWithEmailAndPassword(email, password).await()
            result.user?.let {
                // Send email verification
                it.sendEmailVerification().await()
                AuthResult.Success(it)
            } ?: AuthResult.Error("Unknown error")
        } catch (e: FirebaseAuthWeakPasswordException) {
            AuthResult.Error("Password should be at least 6 characters")
        } catch (e: FirebaseAuthEmailException) {
            AuthResult.Error("Invalid email format")
        } catch (e: FirebaseAuthUserCollisionException) {
            AuthResult.Error("An account with this email already exists")
        } catch (e: Exception) {
            AuthResult.Error("Sign up failed: ${e.localizedMessage}")
        }
    }

    suspend fun signIn(email: String, password: String): AuthResult {
        return try {
            val result = auth.signInWithEmailAndPassword(email, password).await()
            val user = result.user ?: return AuthResult.Error("No user found")

            if (!user.isEmailVerified) {
                return AuthResult.Error("Please verify your email address")
            }
            AuthResult.Success(user)
        } catch (e: FirebaseAuthInvalidCredentialsException) {
            AuthResult.Error("Invalid email or password")
        } catch (e: FirebaseAuthInvalidUserException) {
            AuthResult.Error("No account found with this email")
        } catch (e: Exception) {
            AuthResult.Error("Sign in failed: ${e.localizedMessage}")
        }
    }

    suspend fun resetPassword(email: String): AuthResult {
        return try {
            auth.sendPasswordResetEmail(email).await()
            AuthResult.Success(auth.currentUser ?: return AuthResult.Error("Check your email"))
        } catch (e: FirebaseAuthInvalidUserException) {
            AuthResult.Error("No account found with this email")
        } catch (e: Exception) {
            AuthResult.Error("Failed to send reset email")
        }
    }
}

Output: Proper auth flow with user-friendly error messages.

Prevention

  • Catch specific FirebaseAuthException subclasses for targeted messages.
  • Send email verification on signup.
  • Check isEmailVerified before granting access.
  • Use await() from kotlinx.coroutines.tasks.await for Coroutine-friendly auth.

Common Mistakes with Firebase auth email

  1. Using head and tail instead of pattern matching, causing runtime errors on empty lists
  2. Forgetting that lazy evaluation defers computation until the value is forced, causing space leaks with unevaluated thunks
  3. Using return to exit a function early instead of wrapping a pure value in the monad

These mistakes appear frequently in real-world Android code. DodaTech's contributors have identified these patterns through analysis of open-source projects and production systems.

Practice Exercise

Write a pure function that safely divides two integers using Maybe, then test it with edge cases like division by zero and negative numbers.

This exercise reinforces the concepts covered in this guide. Try implementing it before checking online solutions.

FAQ

### How do I handle email verification?

Call user.sendEmailVerification() after signup. Check user.isEmailVerified on sign-in. Use user.reload() to refresh the email verification status.

### What is the difference between createUser and signIn?

createUserWithEmailAndPassword creates a new account. signInWithEmailAndPassword logs in an existing user. Both return a FirebaseUser on success.

### How do I sign out?

Call FirebaseAuth.getInstance().signOut(). The current user becomes null. Clear any cached user data after sign-out.

Built by the developers of DodaTech

Doda Browser, DodaZIP & Durga Antivirus Pro