Question
I use custom authentication using a JWT token.
The login process is like this:
- The user inputs his/her phone number.
- They get an SMS confirmation containing a 4-digit code that they need to enter.
- The user enters the digits, and the verification succeeds. The app is now processing the login.
- The mobile app requests a JWT token from our server; the server combines phoneNumber into the token.
- After getting the token, it uses FIRAuth.auth()?.signInWithCustomToken(customToken)
- In the Firebase rules, auth is no longer null, and it contains uid and phoneNumber.
The Questions
1. How is the auth.uid generated? Is auth.uid generated from the device UID? I mean, if the user changes their device, will the auth.uid no longer be valid?
In the Firebase rules,
"users": {
  "$user_id": {
    ".write": "$user_id === auth.uid"
  }
}
If the auth.uid changes between devices, the user will no longer have access to the data if they change their device (even when they use the same phone number).
2. Should I use this instead?
"users": {
  "$user_id": {
    ".write": "data.val().phoneNumber === auth.phoneNumber"
  }
}
Source: https://stackoverflow.com/questions/38236376/how-firebase-auth-uid-is-generated
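An added example, not part of the original question and not Firebase's own code: a sketch of the claims set a server places in a Firebase custom token. It shows that auth.uid is whatever the server writes in the uid claim, so deriving it from the SMS-verified phone number keeps it identical across devices. The phone-to-uid scheme, the function names and the service-account address are assumptions; signing the claims (RS256 with the service-account key) is left to a JWT library.

```python
import re
import time

# Audience value Firebase documents for custom tokens.
FIREBASE_AUD = ("https://identitytoolkit.googleapis.com/"
                "google.identity.identitytoolkit.v1.IdentityToolkit")
MAX_LIFETIME = 3600  # a custom token may be valid for at most one hour


def normalize_phone(phone_number):
    """Reduce a verified phone number to '+<digits>' (assumed sanity check: 7-15 digits)."""
    digits = re.sub(r"\D", "", phone_number)
    if not 7 <= len(digits) <= 15:
        raise ValueError("phone number does not look like E.164")
    return "+" + digits


def uid_for_phone(phone_number):
    """Assumed scheme: uid depends only on the phone number, never on the device.
    The result is well inside Firebase's 1-128 character limit for uid."""
    return "phone:" + normalize_phone(phone_number)


def custom_token_claims(service_account_email, phone_number, now=None):
    """Claims the server signs before the app calls signInWithCustomToken."""
    now = int(time.time()) if now is None else int(now)
    return {
        "iss": service_account_email,
        "sub": service_account_email,
        "aud": FIREBASE_AUD,
        "iat": now,
        "exp": now + MAX_LIFETIME,
        "uid": uid_for_phone(phone_number),  # surfaces as auth.uid in the rules
        "claims": {"phoneNumber": normalize_phone(phone_number)},  # developer claims
    }


def write_allowed(user_id, claims):
    """Model of the rule  ".write": "$user_id === auth.uid"."""
    return user_id == claims["uid"]


# Constructed sample: the same verified number logging in from two devices, a day apart.
SA = "backend@example-project.iam.gserviceaccount.com"  # placeholder service account
old_device = custom_token_claims(SA, "+1 (555) 010-0199", now=1_700_000_000)
new_device = custom_token_claims(SA, "+15550100199", now=1_700_086_400)
```

Because the uid is a function of the verified number alone, the /users/$user_id node written from the first device stays writable from the second.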