RomainVialard / FirebaseApp

Google Apps Script binding for Firebase Realtime Database
Apache License 2.0

Using escaped email address as Auth.uid is Unreliable #20

Open lekeope opened 5 years ago

lekeope commented 5 years ago

https://stackoverflow.com/questions/55423486/is-it-reliable-to-use-email-address-as-primary-key-uid-on-firebase-realtime-data?noredirect=1#comment97566454_55423486

Imagine this:

User 1 email address = johndoe@foobar.com
User 1 escaped email address = johndoefoobarcom

User 2 email address = jo.h.ndo.e@foobar.com
User 2 escaped email address = johndoefoobarcom

JeanRemiDelteil commented 5 years ago

Hi @Edge-Developer. Indeed, using an email as the user's universal ID is not advisable, not mainly because of the left part of the email, but because of the domain part:

It's a much bigger issue if users from different domains are mixed up:

john.doe@domain.test.com --> johndoedomaintestcom
john.doe@do.maintest.com --> johndoedomaintestcom

I agree that currently the variable name and documentation can be misleading. However, you can actually pass your own user ID to the createAuthToken() method; it doesn't have to be an email.
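The collisions described in this thread, reproduced as an added example (not part of the original comments and not the library's own code). `lossyEscape` is an assumed model of the escaping, inferred from the addresses quoted above; `injectiveEscape`, `injectiveUnescape` and `findCollisions` are hypothetical helpers showing a reversible encoding and a check for shared keys.

```javascript
// Added illustration; not code from the FirebaseApp library.

// Assumed model of the escaping shown in the thread: drop "." and "@".
function lossyEscape(email) {
  return email.replace(/[.@]/g, "");
}

// Injective alternative: keep [A-Za-z0-9] and write every other UTF-16 code
// unit as "_" plus four hex digits. "_" itself is escaped, so decoding is
// unambiguous and the key avoids the characters Firebase forbids (. $ # [ ] /).
function injectiveEscape(email) {
  return email.replace(/[^A-Za-z0-9]/g, function (ch) {
    return "_" + ch.charCodeAt(0).toString(16).padStart(4, "0");
  });
}

function injectiveUnescape(key) {
  return key.replace(/_([0-9a-f]{4})/g, function (match, hex) {
    return String.fromCharCode(parseInt(hex, 16));
  });
}

// Group addresses by derived key; return only keys shared by several addresses.
function findCollisions(emails, escapeFn) {
  var byKey = Object.create(null); // no inherited keys such as "constructor"
  emails.forEach(function (email) {
    var key = escapeFn(email);
    (byKey[key] = byKey[key] || []).push(email);
  });
  var collisions = {};
  Object.keys(byKey).forEach(function (key) {
    if (byKey[key].length > 1) collisions[key] = byKey[key];
  });
  return collisions;
}

// The four addresses quoted in the thread.
var THREAD_EMAILS = [
  "johndoe@foobar.com",
  "jo.h.ndo.e@foobar.com",
  "john.doe@domain.test.com",
  "john.doe@do.maintest.com"
];

console.log(findCollisions(THREAD_EMAILS, lossyEscape));     // two shared keys
console.log(findCollisions(THREAD_EMAILS, injectiveEscape)); // {}
```

Two addresses that share a derived key also share every security rule keyed on `auth.uid`, so a check like `findCollisions` is worth running over existing user lists before relying on any email-derived ID.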

lekeope commented 5 years ago

Why would I want to do all that manual work when the Firebase inline JS library does all that?

Don't mean to be rude, but what does this library do that the official library does not?

JeanRemiDelteil commented 5 years ago

@Edge-Developer Have you read the repository README?

It states first that it is

> The Google Apps Script binding for the Firebase Realtime Database

Google Apps Script is a server-side language, and is not NodeJS, so the official library is not suited for this environment.

This repository aims at providing an implementation compatible with most of the Firebase functionalities, using the REST interface.

lekeope commented 5 years ago

Thanks, 🙏 Jean. I now get that it is used to access Firebase from within Code.gs directly, something the official Firebase inline JS library cannot do (it has to be used in conjunction with a web UI in order to work).