Authentication

Authentication can be tricky. Information is a hot commodity.

Let's save ourselves a headache and let a third-party service handle it.

Google's a good choice. They've already got all of our data anyway, so if they get hacked we're all screwed!

Why Authenticate?

Barriers to Entry

Authentication with Firebase

Firebase makes authentication very easy. They have a variety of different methods available for logging in, and provide integration for other services' authorization methods as well.

Not only that, but their documentation is extremely thorough.

Email/Password Login

Enable 'Email and Password' in the Sign-in Method tab under Authentication in your Firebase app.

firebase.auth().createUserWithEmailAndPassword(email, password)

This method will return a promise that will eventually resolve to the full user object.

Logging in with Google

Lab: Setting up a Login Page

Logging in with Other Providers

Logging in with other providers is trickier since you are reaching outside the Google ecosystem. In most cases you need to set up an OAuth application with the auth provider as well (e.g. GitHub, Facebook, Yahoo, etc.) and link that to both your web application and Firebase.

Firebase Roles

Firebase has several ways to handle users with different roles.

Regardless of which method you use to assign user roles, you will need to set up some rules for accessing (or restricting access to) your database.

Real Time Database Rules

You can set up rules for who can read from, or write to, different sections of the database under the "rules" tab of your database.

User Access

{
  "rules": {
    "users": {
      "$user": {
        ".read": "$user === auth.uid",
        ".write": "$user === auth.uid"
      }
    }
  }
}

This ruleset allows a user to read and write to a custom section of the database (the key is their user ID) and restricts them from accessing any other sections of the database.

Database Methods

Lab: Set up an Admin User

The User Object

Features:

Anti-Features:

User Tokens

Firebase can be set up to generate authentication tokens when a user signs up.

If you want to generate tokens, you will need to use the Firebase Admin SDK instead of the standard Firebase SDK.

Unlike the user object, this token can be manipulated by your JavaScript application, and is a good place to store metadata for user accounts. The setup can be a bit tricky, so for only one or two levels of authentication it may be easier to hard code those rules into your database.

Official Documentation

Storing User Data

Setting up a section of the database to store user information is a good way to allow your end users to control their settings, providing a customizable experience.

It's also a good way to track user data for use by administrators/moderators on your site.

Lab: Extending the Dashboard

Let's extend our front end app some more!
