Firebase (client-side vs server-side)

Question

I'm building a PWA with django/python on the server-side and vue on the client-side and want to use firebase as a database as well as make use of the firebase authentication.

After some thorough research I realised that I had to make a few choices.

Question 1: Authentication

• I can do authentication on the client-side or server-side. Which one would be best (more secure) ?

Question 2: Database

• In terms of CRUDS I am a bit conflicted. Do I write all my data to firestore from the client-side?
• Do I rather use api's to communicate with my backend and then write data to firestore from the backend? What are the security implications of doing this?

Should I just use both in terms of context? If there are no security implications I would do my authentication client-side and my CRUDS from the server-side. I think I would also have to check authentication to write to the database from the backend.

Answer 1

Authentication of a user's credentials should always happen on a server, as it can't be securely done on the client's computer. What Firebase Authentication allows however, is that the authentication runs on Google's servers, while you control it from a simple client-side API call.