name: "implementing-flutter-social-auth" description: "Social authentication and OAuth/SSO for Flutter supporting Google Sign-In, Apple Sign-In, Facebook Login, and LINE Login. Use when implementing social login, OAuth flows, sign-in with Google/Apple/Facebook/LINE, SSO integration, third-party authentication, platform credential configuration (SHA-1 fingerprint for Android, Service ID for Apple, App ID for Facebook, Channel ID for LINE), native auth flows, minimal viable examples, error handling patterns, or troubleshooting authentication failures, token handling, and sign-in errors (ApiException, PlatformException)." metadata: last_modified: "2026-04-01 14:35:00 (GMT+8)"

Flutter Social Authentication Guide

Goal

Implement secure, high-quality social authentication in Flutter applications across iOS, Android, and Web. This skill focuses on the most common identity providers (Google, Facebook, Apple) using best-practice plugins and native configuration strategies to ensure a seamless "Privacy-First" user experience.

Process

Phase 1: Provider Selection & Requirements

Identify the required social providers and gather necessary developer portal credentials.

• Google: Google Cloud Console / Firebase Console (SHA-1 fingerprint required for Android).
• Facebook: Meta for Developers (App ID, Client Token).
• Apple: Apple Developer Program (Service ID, Team ID, Key ID).
• LINE: LINE Developers Console (Channel ID).

Phase 2: Platform-Specific Configuration

Each provider requires specific configurations in AndroidManifest.xml, Info.plist, or web/index.html.

• Google Sign-In Setup
• Facebook Login Setup
• Apple Sign-In Setup
• LINE Login Setup

Phase 3: Implementation & State Management

Integrate the authentication flow with the app's state management (e.g., Riverpod 3.0 Notifiers).

1. Initialize: Call the respective plugin init or configuration methods.
2. Authenticate: Trigger the login flow and capture the AccessToken or IdToken.
3. Handle Persistence: Store credentials securely using flutter_secure_storage.
4. Error Handling: Implement retry logic and display user-friendly error messages (e.g., ApiException 10 for Google).

📚 Documentation Library

Refer to these specialized resources for each identity provider:

• 🎯 Google Sign-In Best Practices
• 👤 Facebook Login Best Practices
• 🍎 Apple Sign-In Best Practices
• 💬 LINE Login Best Practices

Constraints

• Native Overlays: Always call WidgetsFlutterBinding.ensureInitialized() before initializing auth plugins in main().
• Security Awareness: NEVER store raw AccessTokens in SharedPreferences. Use Secure Storage (encrypted).
• Privacy Compliance: Ensure Apple Sign-In is implemented if any other 3rd party social login is offered on iOS.
• Error Resilience: Always handle the cancel state gracefully when a user closes the auth popup.