Menu
I have created some users using firebase.auth().signInWithEmailAndPassword and would like to stop signUp now, but keep signIn working. I tried some rules on users and even to stop writing to firebase at all. However registration was still possible. Disabling Email/Password within console disables login too.
{ "rules": { ".read": true, ".write": false, } } Any ideas how to apply security rules to users in Firebase 3?
525
No Firebase Authentication…To use the Firebase Storage we need to authenticate a user via Firebase authentication. The default security rules require users to be authenticated. Firebase Storage is basically a powerful and simple object storage, in which you can store your files easily.
Firebase explicitly separates authentication (signing in to the app) from authorization (accessing database or storage resources from the app).
You cannot disable sign-up without disabling sign-in for all users, which is not what you want.
In a typical scenario, developer will start securing database/file access based on the authenticated user. See the relevant section in the docs for database security and storage security.
If your use-case is that you only want specific users to have access, you'll probably want to implement a whitelist: a list of users that are allowed to access the data.
You can do that in your security rules:
{ "rules": { ".read": "auth.uid == '123abc' || auth.uid == 'def456'", ".write": false, } } Or (better) by putting the list of allowed uids in your database and referring to that from your security rules:
"allowedUids": { "123abc": true, "def456": true } And then:
{ "rules": { ".read": "root.child('allowedUids').child(auth.uid).exists()", ".write": false, } } If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
