Understanding Proper Security Implementation with Multiple Providers


Marcus Mann

Feb 21, 2019, 5:14:38 PM
to pylons-discuss
If I have an application with a separated frontend and backend (Vue on frontend) that has some basic permissions, and I am using two types of providers (email and Google), what is the recommended way of implementing authentication and authorization?

Do I have a table on the backend where I store the Google refresh token, access token, and other basic user info that gets refreshed on each Google login, and then the email login in the same row? And then for the authentication, what do I send to the user for the actual auth policies? The userid?

I swear I have searched a ton to try and find a good implementation, but there doesn't seem to be a concise way of implementing something like this with a separated frontend and backend.

Also, is there a preference for JWT vs AuthTkt?

Thanks in advance!

Marcus

Marcus Mann

Feb 21, 2019, 7:24:48 PM
to pylons-discuss
I should also mention I'm trying to integrate Firebase, but I would like to do authorization on my end; I'm just not sure how to implement that.