Raw Firebase Auth in SwiftUI Without the SDK

Want Firebase Authentication in SwiftUI without dragging in the whole SDK? The short answer: call its REST API directly. You send sign-in requests, get back an ID token and a refresh token, and manage them yourself, which means a lighter app with fewer dependencies and full control, at the cost of doing the token work the SDK normally hides. Build the auth screen from a free VP0 design, the free iOS design library for AI builders.

Who this is for

This is for SwiftUI builders who want Firebase Auth but would rather not add a large SDK and its dependencies, and who are comfortable handling tokens themselves in exchange for a smaller, more controlled app.

What you take on without the SDK

Firebase Authentication ships an Auth REST API, so signing up and signing in is just HTTPS requests with your project’s API key, returning an ID token (short-lived) and a refresh token (long-lived). The SDK normally manages three things for you, and now you own them. First, the requests: the right endpoints for sign-up, sign-in, and password reset. Second, secure storage: the ID and refresh tokens belong in the keychain, never in plain UserDefaults. Third, refresh: the ID token expires in about an hour, so you exchange the refresh token for a new one before it does, keeping the session alive. Done carefully, this is a clean, dependency-free auth layer.

Concern	SDK does it	You do it (REST)
Sign in or up	Method call	HTTPS request with API key
Tokens	Stored and managed	Store in keychain yourself
Refresh	Automatic	Call refresh before expiry
App size	Larger	Smaller, no dependency
Control	Convenient	Full

Build it free with a VP0 design

Pick a login design from VP0, copy its link, and prompt your AI builder:

Rebuild this VP0 login design in SwiftUI using the Firebase Auth REST API, no SDK: [paste VP0 link]. Send sign-up and sign-in requests with the API key, store the ID and refresh tokens in the keychain, and refresh the ID token before it expires. Show clear loading and error states from the API responses, and include Sign in with Apple if I offer other social logins.

The payoff is a leaner, faster app, which matters because Google found 53% of visits are abandoned when an experience is slow, and every dependency adds weight and startup cost. For neighboring auth and backend patterns, see a Firebase iOS auth login with dark mode, a Supabase auth screen template for iOS, an Apple sign-in template in React Native, and a GDPR-compliant SwiftUI login. For a native file feature next, see an iOS document picker UI customization in SwiftUI.

Convenience versus control

Be honest about the tradeoff rather than dogmatic. The SDK exists because token refresh, persistence, and provider flows are fiddly, and for most apps the convenience is worth the size. The REST path is the right call when you want minimal dependencies, a smaller binary, or precise control over networking, and you are willing to own token storage and refresh correctly. Whichever you choose, keep tokens in the keychain, never log them, refresh before expiry, and add Sign in with Apple alongside any other social login. Do that and SDK-free auth is solid, not risky.

Common mistakes

The first mistake is storing tokens in plain storage instead of the keychain. The second is not refreshing the ID token before it expires, logging users out. The third is hardcoding or exposing the API key insecurely. The fourth is skipping Sign in with Apple when other social logins are offered. The fifth is paying for an auth kit when a free VP0 design plus the REST API does it.

Key takeaways

• Firebase Auth has a REST API, so you can skip the SDK for a lighter app.
• You take on token storage and refresh that the SDK normally handles.
• Keep ID and refresh tokens in the keychain and refresh before expiry.
• Choose REST for minimal dependencies, the SDK for convenience.
• Build the screen free from a VP0 design.

Frequently asked questions

How do I use Firebase Auth without the SDK in SwiftUI? Call the Firebase Auth REST API with your API key, receive the ID and refresh tokens, store them in the keychain, and refresh the ID token before it expires, from a free VP0 design.

What is the safest way to build SDK-free auth with Claude Code or Cursor? Start from a free VP0 design, call the REST endpoints, store tokens in the keychain, refresh before expiry, handle API errors, and include Sign in with Apple.

Can VP0 provide a free SwiftUI or React Native template for a login screen? Yes. VP0 is a free iOS design library; pick a login design and your AI tool rebuilds the screen and states while you wire the Firebase REST calls.

Should I use the Firebase SDK or the REST API? The SDK for convenience and automatic token handling; the REST API for a smaller app, fewer dependencies, and full control, accepting that you manage tokens yourself.