Firebase : Permission denied - while setValue()

Question

I am trying to build a chat application using firebase.

The structure for message table :

message -
   $message_id 
    - $message_push_id 
      - message {
        sender : 3, 
        receiver : 58,
        token : token_of_sender,
        message : hi 
        ....}

message_id here is generated using the sender and receiver ids "3_58"

I am using push to save messages into firebase.

{
    "rules": {
        ".read": true,
         "message":
        {
          "$messageid": {
            "$messagepushid":
            {
              ".read": true,
              ".write": "auth != null  && !data.exists()",
              ".indexOn": ["token", "userid", "receiverid", "sent_time"],
              ".validate": "auth.token == newData.child('token').val() && newData.hasChildren(['token', 'userid', 'receiverid', 'text'])"
            }
          }
        }
    }
}

I have already generated token using custom token generator :

Firebase firebase = getFirebase();
Map<String, Object> authPayload = new HashMap<String, Object>();
authPayload.put("uid", user.getUserid());
authPayload.put("token", user.getToken());
TokenGenerator tokenGenerator = new TokenGenerator(Constants.FIREBASE_KEY);
TokenOptions tokenOptions = new TokenOptions();
tokenOptions.setAdmin(false);
final String firebaseToken = tokenGenerator.createToken(authPayload, tokenOptions);
firebase.authWithCustomToken(firebaseToken, new Firebase.AuthResultHandler() {
    @Override
    public void onAuthenticated(AuthData authData) {
        Log.d("Auth", "Success : " + authData.toString());
        Log.d("Auth", "Token : " + firebaseToken);
        SharedPrefs.setFirebaseUserToken(getActivity(), firebaseToken);
    }

    @Override
    public void onAuthenticationError(FirebaseError
    firebaseError) {
        firebaseError.toException().printStackTrace();
    }
});

I am trying to push a new message but I am getting error :

RepoOperation﹕ setValue at /message/3_58/-Jy2We4cqLjuQNF6Oyhs failed: FirebaseError: Permission denied

I am unable to figure out where I am going wrong.

This is the code to send chat :

mConversationReferenceFireBase = mFireBase.child("message").child(mConversationId);
    Chat conversation = new Chat( mToken, mUserId, mReceiverId, message );
    mConversationReferenceFireBase.push().setValue(conversation, new Firebase.CompletionListener() {
        @Override
        public void onComplete(FirebaseError firebaseError, Firebase firebase) {
            if (firebaseError != null) {
                Log.e("Conversation", firebaseError.toString());
            }
        }
    });

mConversationId = 3_58

The token here is generated for a user. We have a separate server to maintain the user accounts. The token is being used to upload/ download any files, the firebase is used as Chat Server.

With the rules set to .read = true and .write = true; everything works, however when I am attempting to have an authentication performed, it results in the error mentioned above. I've tried using the token from token generator, to check if I may possibly be using the wrong token.

I am following this example to generate token for firebase auth :

https://www.firebase.com/docs/web/guide/login/custom.html

Since storing a firebase secret key is bad in terms of security, what other alternative can be followed to generate a token for authentication?

Answer 1

I was too stuck on this point and here's what helped me.

First things first, there are two types of users who can access database from firebase

1. Authorized
2. Non-authorized

By default it is set to non-authorized but then they do not have any permissions neither read nor write, so initially if you try to perform any operation you get the permission denied error.

So basically one has to change the required permissions on the firebase console in-order to access the database.

Complete answer here