
I need help understanding how different components fit together. Currently, I'm working on an app with a friend. He's using Flutter for the frontend, while I'm building APIs with C#. We've successfully implemented email and password-based account creation, which returns a JSON Web Token (JWT) to the Flutter client after authentication.

Now, we want to add external login options using platforms like Google and Facebook. I came across a solution suggesting the use of Firebase Auth and the Firebase Authentication service (link) to handle external logins. However, I have concerns about how this abstraction works alongside our existing JWT authentication. I have a few questions:

  • How will the API determine if the caller is an authenticated user?
  • How does authentication occur when we already have JWT authentication set up?
  • Can the app authenticate two different JWTs, one for our app and one for Firebase authentication? If yes, how does this happen?
  • Should I create a separate user record in my app to access the current user's information? The authenticated user from the app has relations with the app's tables, but the users authenticated through Firebase Auth have no direct relation with the app's tables.

I'm in unfamiliar territory and unsure of what specific questions to ask since I'm new to security concepts. Could you please explain the implementation flow, starting from the Flutter side and extending to the C# API?

byteram