We decided to use Firebase custom authentication because we need to log in by either username or email, or phone number in the future. For this we will write our own auth server (in Node.js) that will use Firebase as its backend for storing users with hashed passwords. Is this approach OK?
Viewed 530 times
1
- Why are you asking? Is there a specific part you're uncertain of? – Frank van Puffelen Apr 07 '16 at 15:43
- Currently the first problem is that the Firebase Node module has its authentication applied application-globally, but we need one "admin" authentication for reading the credentials and managing users and another for server-side rendering. Another question may be whether it is OK if the user can read his hashed password (but we can prevent it). Another thing: isn't there a simpler solution for this (multiple logins per account)? Found nothing like this in Firebase, Auth0 or Stormpath. – Martin Ždila Apr 07 '16 at 15:52
1 Answer
1
The solution you described is perfectly OK; just remember to use a proper hash function and a salt. Also, it's OK if the user can read their hashed password (the user knows his password anyway).
As for the other existing solutions, I don't think there is anything you can use. One part of the problem is that Firebase is quite a young project. Also, doing the 'general login system' is quite a complicated issue, and I'm not sure if configuring such a beast wouldn't be more complicated than coding it from scratch (which BTW is quite straightforward).

Tomas Kulich
- Thanks. BTW we've started to implement our custom solution based on JWT. – Martin Ždila Apr 10 '16 at 08:10
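An added example, not code from the question or the answer: one way the Node.js auth server could let several identifiers (username, email, phone) resolve to one account while storing a salted password hash. The choice of scrypt, the in-memory maps, the function names and the sample account are assumptions made for illustration; the returned uid is what the server would then place in the token it issues.

```javascript
const { scryptSync, randomBytes, timingSafeEqual } = require('crypto');

// Constructed in-memory stand-ins for the user store (hypothetical layout).
const users = new Map();       // uid -> { salt, hash }
const identifiers = new Map(); // normalized username/email/phone -> uid

const KEYLEN = 64;
const normalize = (id) => id.trim().toLowerCase();

// Salted scrypt hash; a fresh random 16-byte salt per user by default.
function hashPassword(password, salt = randomBytes(16)) {
  return { salt, hash: scryptSync(password, salt, KEYLEN) };
}

// Registers one account reachable through every identifier in `ids`.
function register(uid, password, ids) {
  for (const id of ids) {
    if (identifiers.has(normalize(id))) throw new Error('identifier taken');
  }
  users.set(uid, hashPassword(password));
  for (const id of ids) identifiers.set(normalize(id), uid);
}

// Dummy record so an unknown identifier costs the same work as a known one.
const DUMMY = hashPassword(randomBytes(16).toString('hex'));

// Returns the uid on success, null on any failure (no hint about which part failed).
function login(identifier, password) {
  const uid = identifiers.get(normalize(identifier));
  const record = users.get(uid) || DUMMY;
  const candidate = scryptSync(password, record.salt, KEYLEN);
  const ok = timingSafeEqual(candidate, record.hash); // constant-time compare
  return ok && uid !== undefined ? uid : null;
}

// Constructed sample account with three login identifiers.
register('uid-1', 'correct horse battery staple',
  ['alice', 'alice@example.com', '+10000000000']);
```
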