# Other Issues

I'm just listing some questions here.  I can't really make decisions on any of this stuff without input from @shanks and co, although it's perfectly fine to answer these with "that's not important enough to care about right now."

Questions:
1. Do we still want to use firebase for storing the data? Firebase makes database deployment/scaling problems completely disappear, but it's NoSQL, so data integrity is harder. The alternative option is a relational database, such as postgres, on google cloud.  The earlier we settle on this, the better.

2. Do we want unicode in usernames, e.g. for emojis?  Can the VR client actually display emojis?

3. We obviously need to use https for the API since emails are passwords will be sent to it. We have some HTTP handling code already, but can it support HTTPS across all the platforms? If so, no problem, but I don't know if Unity still has issues with TLS that I need to be aware of (e.g.: https://forum.unity.com/threads/unity-2017-1-tls-1-2-still-not-working-with-net-4-6.487415/). We may need to use a self-sign certificates.

4. Deploying to AWS lambda allows the API to scale infinitely without us having to worry about the implemention details.  It's also about one hours works to fully support it.  It seams like such an obvious win, but is there a problem I'm not seeing?

5. The JWTs currently have a 14 day expiry. Do we even want an expiry date on JWTs?

6. All accounts are "unverified" unless the account owner adds their email/password, and then clicks the validation link in an email (I'll write the email stuff this morning). What should a user be able to do with an unverified account? We want the user to validate their email address so we can verify their identity, but so many services don't enforce this.

Validate: "demonstrate or support the truth or value of", "make or declare legally valid."

Verify: "demonstrate that (something) is true, accurate, or justified"

7. 



Other questions:

1. At the moment, the app sends back a JSON web token to identify a specific Bigscreen user.  These JWTs are not stored anywhere.  Do we need to store these on the DB?