CODEWITHSUNDEEP
reactjsfirebaseexpressfirebase-authentication
Borys Serbyn
Borys Serbyn

Reputation: 51

Where should I implement firebase authentication?

Im watching this tutorial that uses the firebase client library in cloud functions to authenticate users. I am starting to doubt wether this is the right approach. Should I do all the authentication in the react app instead? The tutorial explains that the benefit of doing everything server side is that it decreases the amount of things the user has to download to run the application.

That being said, Im having difficulty getting the client library to work with typescript which makes me just want to scrap it. How should I proceed?

Upvotes: 0

Views: 64

Answers (2)

Sergio Flores
Sergio Flores

Reputation: 539

so my view on the best approach to solve this on Firebase is to either:

A) Use the Auth Firebase SDK for your client to create users and sign in users, B) Do it with the Auth REST API

The end result is the same, you get your users into Firebase and you can sign them in and get their auth tokens. The SDK runs on the client, the REST API runs on the server. Once that's done, you can use the user token and pass it to cloud functions to do whatever you need and check the token validity and permissions server side.

On the cloud functions you're supposed to use the Admin SDK, not the client SDK. And the admin SDK has all privileges. For a more specific reason why you SHOULD NOT use the client SDK on cloud functions, is because it keeps state. So 2 users calling your cloud functions, using the client sdk server side, would result in the same user token, which is an error.

I hope I've solved your problem?

Upvotes: 2

Jacob K
Jacob K

Reputation: 1183

It is generally better practice to host authentication (and especially authentication logic) in the back-end, if not for performance, definitely for security reasons.

That said, you can avoid using cloud functions for this authentication with firebase! Here is an alternative super simple video tutorial you may like instead from Fireship: https://www.youtube.com/watch?v=zQyrwxMPm88. The Google Firebase YouTube channel also has many videos on the subject.

Cloud functions are useful for when you want parallel action to be taken in the back-end during or after login, while the useAuthState() react hook is great for when you want parallel action to be taken in the front-end during or after login.

Upvotes: 2

Related Questions