User account credentials

Use user account credentials for authentication when your application requires access to data on a user's behalf; otherwise, use service account credentials. Here are examples of scenarios where user account credentials can be used:

  • Web server applications
  • Installed and desktop applications
  • Mobile applications
  • Client-side JavaScript
  • Applications on limited-input devices

For more information on these scenarios, see OAuth 2.0 scenarios.

If you are designing an application to support multiple authentication options for end users, then use Firebase Authentication, which supports email and password authentication as well as federated sign in with identity providers such as Google, Facebook, Twitter, and GitHub. See Where do I start with Firebase Authentication for details on how to set up authentication systems for different use cases.

When an application is granted an access token in a user-centric auth flow by an end-user, that access token will only have the permissions available to the user who grants the token. For example, if has read-only access to example-bucket, an application which Jane has granted read-write access to will be unable to write to example-bucket on her behalf.