I'm currently using a React Native (Expo), GraphQL, Node, and Postgres stack and I have a simple email and password authentication setup with JWT. I want to separate the concept of user identity and user account by allowing multiple identities to link to a single user account. In other words, I want to implement Google, Facebook, Twitter OAuth for a user to log into the same account.
Does it make sense to use Firebase just for the authentication? This means I will essentially have two user databases, one for the authentication in Firebase and another in Postgres for any other operations like posting, purchase, reviews, etc.
The scenario you're sketching means you're using Firebase for authentication, and then implementing your own authorization system on top of that. This is completely feasible, and even quite common.
What you'll need to do on your side is verify the ID token, so that you can be certain the user is who they claim to be. Then you can use the information from that token to look up additional information in your own database and authorize access to the data in that system.
The verification of the token and authorization will need to happen in the backend/trusted system of course, as client-side they could be easily spoofed by users. So similar to Firebase's server-side security rules and Cloud Functions, you'll need your own trusted environment where you check the authorization and then expose the data.
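The backend check described in the answer above, as an added example that is not part of the original answer: verify the ID token on the server, then map the verified Firebase `uid` to a local account in Postgres. The names `makeAuthContext`, `pgAccountLookup`, `AuthError` and the `accounts` / `user_identities` tables are hypothetical; the verifier and the database pool are passed in as parameters.

```javascript
// Added example. Hypothetical names: makeAuthContext, pgAccountLookup, AuthError,
// and the accounts / user_identities tables. In production, pass
// verifyIdToken: (t) => getAuth().verifyIdToken(t) from 'firebase-admin/auth'.
class AuthError extends Error {}

function makeAuthContext({ verifyIdToken, findAccountByFirebaseUid }) {
  // Returns a function usable as a per-request GraphQL context builder.
  return async function authContext(req) {
    const header = (req.headers && req.headers.authorization) || '';
    const match = /^Bearer ([A-Za-z0-9._-]+)$/.exec(header);
    if (!match) throw new AuthError('missing or malformed bearer token');

    let claims;
    try {
      // Firebase Admin's verifyIdToken checks signature, expiry, audience and issuer.
      claims = await verifyIdToken(match[1]);
    } catch (err) {
      throw new AuthError('invalid ID token'); // do not leak verifier details
    }

    // Only the verified uid is trusted, never a user id supplied by the client.
    const account = await findAccountByFirebaseUid(claims.uid);
    if (!account) throw new AuthError('no local account linked to this identity');
    if (account.disabled) throw new AuthError('account disabled');
    return { accountId: account.id, roles: account.roles, firebaseUid: claims.uid };
  };
}

// Postgres lookup, assuming a node-postgres style pool.query(text, values).
// Several identity rows may point at the same account row.
function pgAccountLookup(pool) {
  return async (uid) => {
    const { rows } = await pool.query(
      `SELECT a.id, a.roles, a.disabled
         FROM user_identities i JOIN accounts a ON a.id = i.account_id
        WHERE i.provider = 'firebase' AND i.subject = $1`,
      [uid]
    );
    return rows[0] || null;
  };
}
```

Resolvers then authorize against `accountId` and `roles` from this context and ignore any account identifier in the request body.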