I am constructing an app the place the customers ought to have restricted entry to sure api-services. I exploit
gRPC as API. Proper now I am asking the person’s cellular quantity, ship him an SMS with a code which he has to confirm. If it is the identical, the backend generates an UUID which will likely be despatched to the person and safed in an area database on the cell phone. The person is then in a position to authenticate itself on the backend by simply sending the UUID.
Whereas I am in that course of I seen that the Firebase Token additionally by no means adjustments so I’ve two distinctive id’s that are saved within the database.
Is it secure to skip the technology of an additional UUID and confirm the person by it is Firebase Token/UID, solely? The consumer might ship the verification code with the Firebase Token and if the Firebase Token is right, the backend will save this token to the database. The consumer can then authorize itself with that token. Or do I miss some extent right here?