The issue that I will address here is a pretty common, my concern is on one part of it that I will highlight:
My Android App authenticates users using firebase Authentication (either create or verify that exists), then calls various APIs on my django backend. To call APIs I need to send a token in each request so that I prevent unauthorized requests.
I was planning first of using Django Authentication, but since I am using firebase Auth, I'm thinking of the following approach:
When a user sign-in or log-in to Android device. The Android will generate a custom token (from firebase), store it on the phone and then send it in each API to the backend. In backend, I will use firebase API to get the user from firebase (the first time) and store the token in my users model. If the token is not found in my database and not available in firebase then I return a non-authorized user. For subsequent requests I validate the token with my local users table.
Please advise if this approach is the best in this case.
Thank you