Menu
I have an angular web application and I am not using Firebase Authentication, for logging in my users, as it's done via a service.
Right now, my firestore account has full access, anyone can perform any operation.
I read the documentation of security rules and everywhere it mentioned firebase auth. Is there a way to define rules, without using firebase auth?
378
To set up and deploy your first set of rules, open the Rules tab in the Cloud Firestore section of the Firebase console. Write your rules in the online editor, then click Publish.
Firestore offers robust access management and authentication through two different methods, depending on the client libraries you use. For mobile and web client libraries, use Firebase Authentication and Firestore Security Rules to handle serverless authentication, authorization, and data validation.
rules // is a file used to define the security rules for your Firestore database. firestore. indexes. json // is a file used to define indexes for you Firestore queries.
How do they work? Firebase Security Rules work by matching a pattern against database paths, and then applying custom conditions to allow access to data at those paths. All Rules across Firebase products have a path-matching component and a conditional statement allowing read or write access.
You can certainly use security rules without Firebase Auth, but you won't be able to write any rules that depend on identifying the individual user. To put it more specifically, you will not be able to use the auth variable effectively at all, since it's only populated with data from Firebase Auth.
Without auth information, all you'll be able to do is check the contents of documents to be created or modified. Yout won't be able to defined secure per-user rules.
163
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
