4

If allowing multiple auth providers in firebase (twitter, facebook, password), is it best to store users in this manner:

/users/[auth.id]_[auth.provider]/...

It looks like there could be overlap in auth.id based on the provider.

Most of the examples have the security file only checking auth.id. I'm attempting to avoid the complexity of creating my own user ids.

Thoughts?

Darin Howard
  • 397
  • 5
  • 16

1 Answers1

10

Yes, if you're using multiple auth providers with Simple Login, it's recommended to prefix or suffix them with the provider, as you have. auth.id is only guaranteed to be unique within the same provider.

Firebase now provides a uid parameter on the auth object, which is guaranteed to be unique across providers. For example, see "After Authenticating" on any of the simple login providers, such as email/password

Kato
  • 40,352
  • 6
  • 119
  • 149
Anant
  • 7,408
  • 1
  • 30
  • 30
  • Would be nice if Firebase could provide a ``firebaseID`` with the user object. It's just that much less work to figure out which provider the user chose, append it to a new id property, etc. – Adam Grant Oct 18 '13 at 14:26
  • Was auth.id removed completely? There is still a use for the id without the provider I think. https://www.firebase.com/docs/security/api/rule/auth.html – Baz Oct 19 '14 at 09:04