Firebase - Is auth.uid a shared secret?

firebase firebase-authentication

Knowing someones user id is not a security risk.

For example, I know that your Stack Overflow user id is 4797603. That fact alone allows me to potentially find you on Stack Overflow.

But it does not in any way allow me to pretend that I am Ron Royston. To do the latter I'd need to know the username and password (and any other factor) that you use to sign-in.

The same applies to Firebase. If you know that my uid in some Firebase-backed application is google:105913491982570113897, you cannot suddenly pretend to be me. The Firebase servers verify that the auth.uid value is based on the actual credentials of that user. The only way to do is by signing in as me, which in this case requires you to know my Google credentials.

Related

Create object from class name in JavasScript ECMAScript 6
Equal height children of flex items
Adding a column of means by group to original data [duplicate]
Putting <div> inside <p> is adding an extra <p> [duplicate]
OdbcConnection returning Chinese Characters as "?"
Powershell executable isn't outputting to STDOUT
One time login in app - FirebaseAuth
Why is Skylake so much better than Broadwell-E for single-threaded memory throughput?
How can I create friendly URLs with .htaccess?
Several elements with the same ID responding to one CSS ID selector
Get list of sub-directories in VBA
How do I require a generic type implement an operation like Add, Sub, Mul, or Div in a generic function?