Hi Robin, big fan of your work on React!
I've been trying to tackle the problem you described in React Firebase Auth Persistence with Local Storage: the delay between when the UI loads and when Firebase figures out that the user is signed in is an unpleasant user experience indeed.
In this version of /src/components/Session/withAuthentication.js my issues are twofold:
- A malicious client can set their own localStorage `authUser` JSON-style string to any other user, and this way access a user's pages and abuse said access to the detriment of the user.
- The data stored (`authUser` object) contains personal information about the user contained in that user's Firebase user, including: full name, email address, etc. (depending on the permissions the OAuth app requires). Having such information available to any user of that machine, unencrypted, is risky.
Would like to hear your thoughts on these points 🤔
Felix
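
One way to narrow both concerns raised above, as an added example that is not part of the post or of the repository's code: cache only a non-identifying hint under the `authUser` key, rebuild it defensively on every read, and let the Firebase auth state listener overwrite or clear it. `toHint`, `readHint`, `reconcile` and `memoryStorage` are hypothetical names, and the choice of hint fields is an assumption.

```javascript
// Added example: hypothetical helpers, not from the repository discussed above.
const CACHE_KEY = 'authUser'; // localStorage key named in the post

// Reduce a Firebase user object to a non-identifying rendering hint.
// No name, email, uid or token is written to storage.
function toHint(user) {
  return { signedIn: true, emailVerified: user.emailVerified === true };
}

// Read the cached hint. Anything in storage is client-controlled, so it is
// parsed defensively and rebuilt from scratch; extra fields are dropped.
function readHint(storage) {
  let parsed;
  try {
    parsed = JSON.parse(storage.getItem(CACHE_KEY));
  } catch (err) {
    parsed = null; // malformed JSON
  }
  if (parsed === null || typeof parsed !== 'object' || parsed.signedIn !== true) {
    storage.removeItem(CACHE_KEY);
    return null;
  }
  return { signedIn: true, emailVerified: parsed.emailVerified === true };
}

// Call from the SDK's auth state listener (e.g. onAuthStateChanged).
// The SDK's answer always overwrites the cache; null means signed out.
function reconcile(storage, firebaseUser) {
  if (!firebaseUser) {
    storage.removeItem(CACHE_KEY);
    return null;
  }
  storage.setItem(CACHE_KEY, JSON.stringify(toHint(firebaseUser)));
  return firebaseUser;
}

// In-memory stand-in for window.localStorage so the example runs in Node.
function memoryStorage() {
  const data = new Map();
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => { data.set(k, String(v)); },
    removeItem: (k) => { data.delete(k); },
  };
}
```

The hint only decides what the UI renders before the listener fires; user data is read from the object the listener supplies, never from storage.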