Hacker News new | past | comments | ask | show | jobs | submit login

I use firebase auth because it’s free at any scale and it takes minutes to set up. It’s backed by google so I’m not kept up at night.



Same. I feel like I'm missing something by the vast majority of other comments saying roll their own/unknown third party


I think if I had my own enterprise product with a lot more complexity, I would roll my own.

It’s possible I am using the product wrong, but I found it kind of hard to use the rules engine for granular access. What I did instead is make my own simple permissions engine and since my backend APIs verify against the firebase token, I then pass that into my rules engine before it writes any mutations.

I lock down firestore access by using my own api that then uses the admin sdk. Obviously this is a bit slower but it gives me the most confidence that only my backend services can make changes to the data.


Same as well. Basically authentication->firebase, authorization->backend api (I normally write custom python decorators for this)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: