Client Framework: Vuejs Backend DB: Firebase Firestore Auth system: Firebase Auth __________________________
I'm building a Vue application that uses Firebase Auth. In the past, most developers created custom form that collects user info (name, email, password, phone #, and etc.) using HTML Input field to gather Email and password, and then, from the client side we could perform TWO important actions in one sequence to give a single step to user.
This flow works great which provides a smooth one step User Flow and we can provide proper error message and navigation.
Then came along and Firebase Team offered FirebaseUI to use as replacement to our custom form and sequence. The FirebaseUI has some strange behaviors related to how to "Sign up" new user and also lacks flexibility and a modern look for form entry. Based on my understanding, the main reason Google wants us to use it: A) It provides a more secure way to collect email and password and send it to Firebase Auth. B) It provides easy way to use multiple providers.
My question is, Is it really unsecured to build our own form as I explained earlier and not bother with Firebase UI, when I'm only using email/password auth and passing it via HTTPS?
Please clarify, is it safe just build my own custom form or SHOULD I use FirebaseUI?
FirebaseUI doesn't really offer anything special in terms of security. Use it if you like the way it works. If it doesn't work the way you want, fork the source code and make it work the way you want. If you want something completely different, feel free to implement it yourself.
The point of FirebaseUI isn't to ensure security. It's to be convenient. You are ultimately responsible for security, so be sure to audit any code you use in order to ensure it meets your needs.