Is it ok to show $uid, generated by Firebase Authentication?

Question

I have Firebase Authentication enabled and after registering new user, I create some other data tables and I distinguish them by $uid, generated by Firebase. Also $uid is being displayed in browser address bar, like:

http://localhost:4200/accounts/6WvgabEHMRbGYxJ0inaCjWHmkif2

Is it safe enough to use it in this way (and is it normal practise)?

Answer 1

It is completely safe to put the uid in the url.

If you go to your stackoverflow account for example, the numbers you see before your name are your user id. This is your account's url:

https://stackoverflow.com/users/8558489/user370486

I can see your user id of 8558489 in the url before it shows your username, but I can't do anything malicious with that information. Websites like facebook use your username in the url, youtube uses your user id, it's what you prefer. I would rather see your username in the url because it's more meaningful when you look at it but it's up to you! Hope this helps.

EDIT:

It is arguable however that it may be less secure to have the username in the url. If the application allows for the username to be same as the password, or if the username is allowed to be contained in the password, then this makes for an easy bruteforce attack. The uid is a good way to go.