1
votes

I am trying to choose between Auth0 and Firebase as my identity provider. I am building a SPA with a Backend API and I would like to use Auth0 or Firebase for all the logic regarding users/passwords/access rights and etc.

Auth0 uses OIDC, which is kinda standard, but IMHO overengineered and very complex. It has separate tokens for identity (ID Token) and for accessing backend resources (access token), whereas firebase uses a single token (if I understand correctly).

So my question here is what authentication mechanism is Firebase using and why a single token is enough in this case?

1

1 Answers

0
votes

Firebase Authentication uses two token types:

  • a long-lived refresh token that identifies the user
  • a short-lived ID token that validates that the user has access to the backend services

So it sounds like the two are pretty similar.