Ember authorization + Firebase


#1

Looking for some guidance on authorization within ember using firebase as a backend. I have not been able to find any recent examples.

My app has pretty simple concept of teacher and student roles based on how the user registers they would be assigned a role and from that point would

One thought is to tie this to a firebase data model linked to the firbase user auth object, then use the following addon https://emberobserver.com/addons/ember-can - any security concerns using ember-can? is this addon still relevant?

Any better design scenarios for ember authorization + firebase?

Thanks!


#2

We use a custom helper/service combo in our admin panel that seems similar to ember-can… It’s a nice semantic way to change what you render based on permissions.

There aren’t security concerns in the sense that security should always be enforced on the server side. As a general rule you should never rely on the client side only to enforce security rules. As an example I recently read something about the BitGrail crypto exchange not enforcing server-side checks on withdrawals and they lost many millions because people were able to withdraw coins they didn’t actually have.

In firebase of course you’d probably want to do that with security rules on the database. And of course how you architect that is totally up to you. What you described sounded like a really good start.


#3

Thanks @dknutsen yes you’re right, server side security layer for sure. Something you would think a crypto exchange would want to prioritize :slight_smile:

I’m new to Ember so its good to know i’m on the right track

Thanks for your help, i`ll keep digging.


#4

Excellent, good luck!