DEV Community

Cover image for Firebase Auth | Understanding The Auth
Nukala Suraj
Nukala Suraj

Posted on • Updated on

Firebase Auth | Understanding The Auth

#firebase #security #webdev #javascript

NOTE: This blog post assumes that you are at-least familiar with setting up firebase SDK
If you don't I'd recommend reading my blog on firebase firestore first

If you've built an application, you've probably had to deal with authentication and authorization

Contrary to Popular Belief
authentication !== authorization

Difference Between Authentication and Authorization

Consider A School
School

The School has a Principal
Principal
He Decides

  1. If a Student Joins the School
  2. If a Student Gets Debarred
  3. If a Student Gets Promoted (Despite Failing Tests)
  4. If a Student Gets Demoted ...

The School also has a Security Guard
Security
He Decides

  1. If/When a Person can Enter the Campus
  2. If/When a Person can Leave the Campus ...

Now as an Analogy
Authentication: Principal
Authorization: Security Guard

Authentication

What is Authentication

The Process of Verifying the Identity of a User

Steps in Authentication

  1. Creating An Account
  2. Verifying An Account Email Address
  3. Login/Sign-In
  4. Password Recovery
  5. Sign Out

Firebase Authentication

1. Creating An Account 

firebase.auth().createUserWithEmailAndPassword(
  email,
  password
);
Enter fullscreen mode Exit fullscreen mode

NOTE: You Receive a Promise from any Function from Firebase

2. SignOut 

firebase.auth().signOut()
Enter fullscreen mode Exit fullscreen mode

NOTE: Firebase removes the token stored on the client's localStorage (indexdb to be precise). It'll talk about it in detail in Authorization

3. Login 

firebase.auth().signInWithEmailAndPassword(
  email, 
  password
)
Enter fullscreen mode Exit fullscreen mode

4. Verifying An Account Email 

// sends a pre-templated message to a specified email address
firebase.auth().sendEmailVerification(
  email,
);
Enter fullscreen mode Exit fullscreen mode

5. Password Recovery 

firebase.auth().sendPasswordResetEmail(
  email
);
Enter fullscreen mode Exit fullscreen mode

Authorization

What is Authorization

The Process of Controlling Access to an Asset

How Does Firebase Authorize

  1. When Ever A User's Auth State Changes
    1. It Updates A User Token > Very Similar To JWT but not restricted to web application
    2. It Stores the Token in the browser's indexDB (and not in the cookies) so it has a more controllable timeline
  2. If A Valid User Token is Present, A User is allowed to Access the Resource

Accessing User Token / Checking Auth State 

firebase.auth().onAuthStateChanged((user) => {
  if (user) {
    // User is signed in, see docs for a list of available properties
    // https://firebase.google.com/docs/reference/js/firebase.User
    var uid = user.uid;
  }
});
Enter fullscreen mode Exit fullscreen mode

Top comments (1)

Collapse
 
matrixdev profile image
The MatrixDex

Great post! I would love to read something similar about Appwrite Auth as it is a full open-source BaaS.

Read next

ashsajal profile image

React.memo - Optimize React Functional Components

Ashfiquzzaman Sajal -

paulbratslavsky profile image

Epic Next JS 14 Tutorial Part 7: Next.js and Strapi CRUD Permissions

Paul Bratslavsky -

vishnusatheesh profile image

React JS Fragments

Vishnu Satheesh -

jamescroissant profile image

What is ”this” in JavaScript?

Yu Hamada -