by yagami_takayuki 698 days ago
What language/framework are you using? Typically you would implement your own authentication for learning the nuts and bolts of auth, but never for a production/live system on the web.

You would either use something like Firebase Auth or the built-in one that comes with your framework of choice. Identity in .NET core for example.

On the topic of auth, and as an aside, wondering if anyone has used a UUID + API key combination to do auth instead of JWT/cookies?

2 comments

Why never for a live system?

Store users with a username/email and scrypt-encrypted password.

On login, pull the encrypted password where username = $1. Compare. If valid, create a session id (fill 16 bytes with a cryptographically secure random number generator and encode it), store that in the db along with the user_id and some expiration time.

You now have a session_id -> user_id mapping which can.

Ok, I was trying to do this for production. I am switching over to Firebase but it's not working well with my client-server architecture.

Ah I see, most frontend frameworks have libraries that work with Firebase auth. If you use an MVC like Rails or .NET core MVC etc, you can use Firebase auth from a CDN and put it in script tags along with JS to work with the library.