firebase - Editing the user document in mongodb -
is bad practice allow editing of user document beyond changing password. noticed on yo's angular-fullstack there no function update user. on firebase user registered authentication stuff user info (name, telephone, address...) needs stored elsewhere.
in other words, there reason have users document responsible authentication , have document non-authenticating fields?
i not asking opinions please. factual issues storing authenticating fields , non-authenticating fields in same document.
when prototyping application, wouldn't gonna find benefits in separating data in beginning. however, application grows, there few reasons separate out identity information.
separation of concern
authentication specific use case, make sense store separately, facilitate changes authentication mechanism in case authentication logic needs delegated external identity provider.
this true domain tough, different services might handling different user related information. services can/may want responsible storing , authoring data. not services need know properties of user, hence each service stores data it's responsible for.
security & policy
putting sensitive user information separate collection give database administrator more fine grained control can access specific collection. or used ground work move authentication separate server if security polices require it.
you asked non-opinionated answer, topic alluding relates separation of concern , micro services architecture. these domains can opinionated means don't consider answer complete one.
read on micro services architecture here:
http://martinfowler.com/articles/microservices.html
Comments
Post a Comment