Firebase Question posted in
An extensive official documentation can be found here.

Why does Firebase Authentication allow new user sign up in the frontend?

I am new to Firebase Authentication.

I am building a web application with ReactJS frontend, Spring backend, PostgreSQL database and plan to use Firebase for email and password authentication.

I have always been told that data validation in the backend is the most important, while data validation in the frontend is optional. It can be said that the backend should not "trust" things sent from the frontend, Postman or anything else.

So why does Firebase allow new user sign up in the frontend without going through my backend? Does that mean my backend has no control over what user will be created in my system? Can I prohibit sign up in the frontend (using Firebase SDK) and force the frontend to send a request to my backend so that my backend can validate the data before creating the user on Firebase (using Firebase Admin SDK)?

I have searched a lot but still do not know what is the right way to do it. It would be really appreciated if you let me know what I’m missing here.

Tags:

2

Answers


  1. 0

    So why does Firebase allow new user sign up in the frontend without going through my backend?

    It does go through a backend. The Firebase SDK calls a backend managed by Firebase to work with user data. You just don’t control that backend at all. You just use the Firebase SDK, which does all the work.

    Does that mean my backend has no control over what user will be created in my system?

    By default, you don’t need to set up or control any backend to make Firebase products work. That is the main point of most Firebase products – to make it easy to use services without needing a custom backend. If you want to add your own backend, that’s also fine.

    Can I prohibit sign up in the frontend (using Firebase SDK) and force the frontend to send a request to my backend so that my backend can validate the data before creating the user on Firebase (using Firebase Admin SDK)?

    Yes, you can do that. You can use the Firebase Admin SDK to manage users if you want. However, there is no need to do that if the provided client SDK and managed backend already do what you want. From the linked documentation:

    The Firebase Admin SDK allows you to integrate your own servers with Firebase Authentication. You can use the Firebase Admin SDK to manage your users or to manage authentication tokens.

    I have searched a lot but still do not know what is the right way to do it.

    Anything that’s covered in the product documentation is the "right way". You can choose if you want to code a backend or not. It’s up to you.

    Login or Signup to reply.
  2. 0

    From the context, I’m assuming you want to handle user validation and creation on your own backend and do not want default Firebase user creation functionality.

    In this case, I think you might want the settings under Firebase Console..Authentication..Settings..User Actions

    This page has check boxes for:

    • Enable create (sign up)
    • Enable delete
    • Email enumeration protection
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search