Firebase Auth | Understanding The Auth

NOTE: This blog post assumes that you are at-least familiar with setting up firebase SDK
If you don't I'd recommend reading my blog on firebase firestore first

If you've built an application, you've probably had to deal with authentication and authorization

Contrary to Popular Belief
authentication !== authorization

Difference Between Authentication and Authorization

Consider A School

The School has a Principal

He Decides

If a Student Joins the School

If a Student Gets Debarred

If a Student Gets Promoted (Despite Failing Tests)

If a Student Gets Demoted ...

The School also has a Security Guard

He Decides

If/When a Person can Enter the Campus

If/When a Person can Leave the Campus ...

Now as an Analogy
Authentication: Principal
Authorization: Security Guard

Authentication

What is Authentication

The Process of Verifying the Identity of a User

Steps in Authentication

Creating An Account

Verifying An Account Email Address

Password Recovery

Sign Out

Firebase Authentication

1. Creating An Account

firebase.auth().createUserWithEmailAndPassword(
  email,
  password
);

NOTE: You Receive a Promise from any Function from Firebase

2. SignOut

firebase.auth().signOut()

NOTE: Firebase removes the token stored on the client's localStorage (indexdb to be precise). It'll talk about it in detail in Authorization

3. Login

firebase.auth().signInWithEmailAndPassword(
  email, 
  password
)

4. Verifying An Account Email

// sends a pre-templated message to a specified email address
firebase.auth().sendEmailVerification(
  email,
);

5. Password Recovery

firebase.auth().sendPasswordResetEmail(
  email
);

Authorization

What is Authorization

The Process of Controlling Access to an Asset

How Does Firebase Authorize

When Ever A User's Auth State Changes

It Updates A User Token > Very Similar To JWT but not restricted to web application
It Stores the Token in the browser's indexDB (and not in the cookies) so it has a more controllable timeline

If A Valid User Token is Present, A User is allowed to Access the Resource

Accessing User Token / Checking Auth State

firebase.auth().onAuthStateChanged((user) => {
  if (user) {
    // User is signed in, see docs for a list of available properties
    // https://firebase.google.com/docs/reference/js/firebase.User
    var uid = user.uid;
  }
});