Advice for implementing user authentication and storage for my application

Hey everyone,

I’m a junior in college and I’ve been working on a small GRPC appliocation written in Go as an independent study this quarter. It’s essentially just a little world simulation that users can interact with (API calls) and watch live (GRPC streams for spectating). I’ve got most of the functionality down, but my next hurdle to tackle is user authentication.

What I need right now is authentication for most API calls (except for the spectate calls) and decent storage (up to 50mb files, multiple files per user). Do you guys have any suggestions for implementing authentication and/or storage?

Here are my thoughts…

I could try to use Firebase…I’ve used it a ton for web applications and it handles auth and storage really well, but doesn’t seem like a great solution for a back end heavy service. I could have the user authenticate on the front end by signing into Firebase, but I’m not sure how hard it would be to then either transfer this authentication and tokens over to the server. I’m guessing I could sending a username and password in the metadata of GRPC calls, and then hit the Firebase servers again to validate but that seems very wrong. I could have them just sign in and create a token with my service but then I’m not really saving much time by using Firebase.

The other option I was thinking about was setting up a Cassandra database, although I hear this is kind of expensive. I already have my project ready to deploy with kubernetes, so getting the database setup wouldn’t be insanely hard, but I’m worried about storing semi large files like I mentioned before. I’m also worried I’m going to sink a ton of time implementing authentication. I’ve been looking into Auth0 but I can’t gauge how easy it will be to implement.

I’m a little bit lost at this point, and I would love any advise! My advisor isn’t doing the best job helping me plan :grin:

What kind of API is this? REST? RPC? AMQP messages?

Where is the backend deployed? Do you have a filesystem available?

So many questions …

RPC, the client is built with React and uses the npm package web-grpc to make calls to the back end.

I’m going to deploy it with kubernetes and have it running in minikube right now, probably to GKE but don’t have a file system setup yet. I’m heavily leaning towards setting up a Cassandra database.

Sorry about the lack of info!

Hi. You can use jwt tokens https://firebase.google.com/docs/auth/admin/verify-id-tokens

That’s perfect! I had no idea that existed thank you so much

1 Like

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.