Use user account credentials for authentication when your application requires access to data on a user's behalf; otherwise, use service account credentials. Here are examples of scenarios where user account credentials can be used:
- Web server applications
- Installed and desktop applications
- Mobile applications
- Client-side JavaScript
- Applications on limited-input devices
For more information on these scenarios, see OAuth 2.0 scenarios.
If you are designing an application to support multiple authentication options for end users, then use Firebase Authentication, which supports email and password authentication as well as federated sign in with identity providers such as Google, Facebook, Twitter, and GitHub. See Where do I start with Firebase Authentication for details on how to set up authentication systems for different use cases.
When an application is granted an access token in a user-centric auth flow by
an end-user, that access token will only have the permissions available to the
user who grants the token. For example, if jane@example.com has read-only
access to example-bucket, an application which Jane has granted read-write
access to will be unable to write to example-bucket on her behalf.