1

I'm trying to use the Firebase authentication service by email and password for my App. I've noticed there are two SDKs, Client and Admin, both of them have methods to create a new user. I've also noticed that only the client SDK has method to validate the user email and to return the new user's token after creation.

The two SDKs made me confuse regarding the way I should use this service so I have few questions:

  1. Should I create a "signup" route in my server and use the Admin SDK or I should use the client SDK?
  2. If I use the client SDK for signing it should be in the server side or in the client side?
  3. How I can verify the user email using Firebase "Email address verification" template?

If someone can give me some guidelines.

Improve this question

1 Answer 1

Reset to default
1

The Firebase Admin SDKs are meant to run in a trusted environment, such as your development machine, a server you control, or Cloud Functions. They run with elevated, administrative privileges, based on a service account that you specify when initializing them. As such, there is no way to sign a user in with an Admin SDK, even though they indeed (as you noted) have the ability to create user accounts.

The client-side Node.js SDK is meant to be used in non-trusted environments, like for example IoT setups. This SDK indeed allows you to sign in as a specific user, and this information is then passed when you call other Firebase APIs from within the Node app.

Which of the two you should use depends on the use-case, which you're unfortunately not describing. Without that, the above is the best guidance we can give: if your code runs in a trusted environment, use the Admin SDK; otherwise use the client-side SDK.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thank you for the explanation about the use cases. In my system I control the creation of the users, So I'm guessing I can use the Admin SDK to do it (in a protected environment of course)? This way I will also solve the email verification issue. Then the users can sign in using the client SDK?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.