Hello, I’m having an issue with determining best practices for authentication to our webflow site. We have a bit of a unique case where we want another project of ours to share login credentials, and some streamlined user data with our webflow site. The way we’d like to do this is to directly integrate our firebase authentication and firestore requests into the site via the javascript sdk. However it seems that webflow doesn’t provide a way to hide sensitive information in the firebase configuration from being available through inspecting the page itself. While we can use security rules and firebase’s other security measures to minimize harmful access, we need to know for sure that this will be enough to protect more sensitive user data from being accessed maliciously. Does anyone have any recommendations on best practices when trying to set something like this up?
To integrate Firebase authentication and Firestore with Webflow while ensuring security, you can safely expose the Firebase configuration in the frontend, as it only provides access to Firebase services. However, to protect sensitive user data, set up Firebase Security Rules to strictly control read/write access based on authentication and user roles. Avoid handling sensitive logic or secrets in the frontend; instead, use a backend (e.g., Firebase Functions) to mediate sensitive operations. For shared login credentials, use Firebase Custom Claims to manage roles and permissions across projects. Finally, ensure your Firebase SDK is only initializing client-side functions relevant to the authenticated user and test your security rules thoroughly.