Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Firebase rules anonymous and authentificated

I am trying to write a rule for my Firebase users.

My goal is to have a rule to allow write/read in the database for:

  1. anonymous users authentificated through Firebase auth which are temporary anonymous accounts
  2. authenticated users with email and password.

How can I achieve that ?

like image 588
gpasse Avatar asked Oct 01 '18 09:10

gpasse


2 Answers

In the Firebase Realtime Database, you can give everyone who is signed in access to your entire database with:

{
  "rules": {
    ".read": "auth.uid !== null",
    ".write": "auth.uid !== null"
  }
}

In Cloud Firestore you can accomplish the same with these rules:

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if request.auth.uid != null;
    }
  }
}

Note that both of these samples come from the Firebase documentation, so I highly recommend that you spend some time studying that.

like image 66
Frank van Puffelen Avatar answered Sep 18 '22 06:09

Frank van Puffelen


I don't agree with accepted answer. If user is authenticated as Anonymous, he has UID anyway so checking if it is null doesn't solve the problem.

'auth' variable has 'provider' property so all you have to do to check if user is authenticated with email and password or anonymously is this:

{
  "rules": {
    ".read": "auth.provider != 'anonymous'",
    ".write": "auth.provider != 'anonymous'"
  }
}

Here is more from documentation: https://firebase.google.com/docs/reference/security/database#variables

like image 42
TomSon234 Avatar answered Sep 21 '22 06:09

TomSon234