I am trying out Firebase / Firestore. When I run the command-line firebase login in a Linux terminal, I am redirected to the typical Google login web-site but with an additional Firebase-logo. After login on that web-site, I have to enable various features and permissions for Firebase to access my Google account.
Then the firebase program on my local Linux PC knows that I have logged in to my Google account. Even after I restart the computer, the firebase program is apparently still logged in to my Google account.
How does this work behind the scenes? Is my Google account password stored on my local PC somewhere, since firebase remains logged in to the account? Doesn’t that cause a security risk?
Thanks!
>Solution :
No, passwords are never stored like that. That would be incredibly unsafe. The CLI is storing a special token that gives access to parts of the account that you authorized in the web browser. That token is valid until something invalidates it, or you sign out by running firebase logout. It’s similar to the way most auth systems work that allow an individual to stay signed in for long periods of time without reauthenticating.
If you want to see exactly what the CLI is doing, it’s all open source.