Is there a way I can authenticate with Firebase as an administrator of a firebase for full read/write access to it (already has security rules protecting parts of it), or will I have to write a security rule that somehow allows me access to the full firebase, for example by providing a certain password/key.
Is there a standard or suggested way of doing this?
In the Firebase console, open Settings > Service Accounts. Click Generate New Private Key, then confirm by clicking Generate Key.
The admin SDK runs your code with administrative permissions. This means it bypasses the security rules of your Firebase Database. It also has functionality to manage users and mint custom tokens and can be used to send FCM messages.
To do this, you can retrieve an ID token from a client application signed in with Firebase Authentication and include the token in a request to your server. Your server then verifies the ID token and extracts the claims that identify the user (including their uid , the identity provider they logged in with, etc.).
Firebase Authentication provides backend services, easy-to-use SDKs, and ready-made UI libraries to authenticate users to your app. It supports authentication using passwords, phone numbers, popular federated identity providers like Google, Facebook and Twitter, and more.
Andrew's answer will only work if you're authenticating outside your client-side code (otherwise you shouldn't be using your MY_SECRET
obviously). Since many people, like myself, use Firebase to avoid server code, here's an alternate answer.
In most firebase apps you probably have a "Users" object in addition to your simple login "auth" object (which only stores email and password). You can add an "isAdmin" or "isModerator" (or whatever you want) to each $user in the "Users" object.
And then your rules would look like this (assuming your auth.id matches your $user key):
{ "rules": { "someObject": { ".write": "root.child('Users').child(auth.uid).child('isAdmin').val() == true" } } }
Yes there is. You simply need to authenticate using a Firebase Secret instead of an authentication token. ie.
firebaseRef.auth(MY_SECRET);
You can find the Secret in the Authentication section of Forge.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With