Is it common to have an auth user object and a separate app user object?

Question

This is possibly a broader, philosophical question, but... so I'm newish and hacking my way through building a full stack app and I'm using Firebase authentication in a React app with node Express for the backend and PostgreSQL for the db.

My question is about the user object and whether the Firebase user object should be separate from PostgreSQL user object. This is to say, the Firebase user object (obviously) does not have all the properties my app user object might have like bio, age, location, favorite color, etc. so I'm curious how one negotiates this.

TL;DR

• Do I grab the email address from the Firebase user object at login, then use that to query the Postgres app DB for a user with a matching email, then pull the full user profile from the DB?

• And related, if a person has just signed up, do I user the returned Firebase object to insert a new user into the DB with name and email?

• Is it common to have an auth DB and app DB?

Answer 1

It sounds like you're asking if you should store additional information per user in your database other than what Firebase already provides. Yes, this is an extremely common practice. Firebase Auth is not a general purpose data store for user information. It's mostly an authentication system that also happens to know a few things about the end user based on how they signed up. If you need to store more than what its API allows for, you should do that yourself.

You're supposed to use the random unique UID assigned to each user as the key to store additional data in your database. Don't use an email address, as those can change over time.