Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Firebase Authentication vs Firebase Admin

what is the difference between firebase authentication and firebase admin?

As far as I know, firebase admin has authentication features and it can bypass security, unlike firebase authentication. And firebase admin is implemented in server-side while firebase authentication is mostly at the client side.

I want to know why firebase authentication should be at client side and why we should use firebase authentication instead of firebase admin for authentication feature.

like image 930
Lillian Avatar asked Jun 26 '18 14:06

Lillian


People also ask

What is the difference between Firebase and Firebase admin?

The admin SDK runs your code with administrative permissions. This means it bypasses the security rules of your Firebase Database. It also has functionality to manage users and mint custom tokens and can be used to send FCM messages.

What is firebase admin for?

The Admin SDK is a set of server libraries that lets you interact with Firebase from privileged environments to perform actions like: Read and write Realtime Database data with full admin privileges.

What is a Firebase authentication?

The Firebase Authentication SDK provides methods to create and manage users that use their email addresses and passwords to sign in. Firebase Authentication also handles sending password reset emails. iOS Android Web C++ Unity. Federated identity provider integration.

Should I use Firebase for authentication?

There are definitely great advantages if you use Firebase Authentication. Save time on developing Webservice methods for authentication : Instead, you can just have a method to store user information after the user authenticates with Firebase.


2 Answers

Firebase Authentication is a product that allows you to write code to get your users logged into your app, and limit user access to resources in other Firebase products. SDKs are provided for a variety of platforms.

Fireabse Admin is an SDK that allows you to write code on your backend that manipulates data in Firebase and Google Cloud services (such as Realtime Database, Firestore, Cloud Storage, and Cloud Messaging). As you said, it's for backend only, and bypasses normal security measures established for client apps.

The reason why you can't use the Firebase Admin SDK in your app is because you would have to ship private credentials with your app in order for the SDK to operate. Shipping your credentials in your app is a massive security hole - don't do it. Keep them safe on your backend where malicious users can't reverse engineer your code and use your credentials.

like image 119
Doug Stevenson Avatar answered Oct 13 '22 06:10

Doug Stevenson


Firebase Authentication

Firebase authentication is used in client application to identify a particular user. And it is used to limit resources on the firebase. So it is strictly on the end user area.



Firebase Admin

Firebase admin is on the other hand, it is purely for backend. You can use it to define custom logic to Firebase and you can modify Firebase services to meet your needs. The following are some usecase scenario.

1. User Management

It is not always convenient to have to visit the Firebase console in order to manage your Firebase users. The admin user management API provides programmatic access to those same users. It even allows you to do things the Firebase console cannot, such as retrieving a user's full data and changing a user's password, email address or phone number.

2. Custom Authentication

You can integrate an external user system with Firebase. For example, you may already have a pre-existing user database or you may want to integrate with a third-party identity provider that Firebase Authentication doesn’t natively support.

3. Identity Verification

Firebase Authentication is primarily used to identify users of your app in order to restrict access to other Firebase services, such as the Firebase Realtime Database and Cloud Storage. But you can also use the service to identify these users on your own server. This lets you securely perform server-side logic on behalf of users that have signed in with Firebase Authentication.

4. Custom User Claims

In some cases, you may want to implement fine-grained access control for users already signed in with one of the supported Firebase auth providers such as Email/Password, Google, Facebook, phone, etc. A combination of custom user claims and application security rules provides this capability. For example, a user signed in with Firebase Auth's Email/Password provider can have access control defined using custom claims.

For more information see at firebase doc

like image 23
Christlin Panneer Avatar answered Oct 13 '22 06:10

Christlin Panneer