What is the difference between auth.uid and auth.token.sub in Firebase Realtime Database security rules?
I assume they are the same (user has only 1 uid) but they have different descriptions, would love to know a definitive answer.
auth.uid: A unique user id, guaranteed to be unique across all providers.
auth.token.sub: The user's Firebase UID. This is unique within a project.
Cheers
So after you authenticate the users, the uid will be on the Authentication page in Firebase. That ID will help you later in the Firebase database as well, and it is easier to use and add in the database. It can easily be obtained using this: FirebaseUser user=FirebaseAuth.
When a user or device successfully signs in, Firebase creates a corresponding ID token that uniquely identifies them and grants them access to several resources, such as Firebase Realtime Database and Cloud Storage. You can re-use that ID token to identify the user or device on your custom backend server.
The correct way to secure user related resources is via a Firebase ID token. Database/Storage rules already rely on this mechanism. You cannot just rely on the correct user ID being provided. That provides no security.
To access your rules from the Firebase console, select your project, then in the left-hand navigation panel, click Realtime Database. Click Rules once you're in the correct database or storage bucket. To access your rules from the Firebase CLI, go to the rules file noted in your firebase.json file.
They are exactly the same. auth.uid is provided for backwards compatibility (auth.token didn't use to exist in the Security Rules) and ease of use: sub is not a commonly understood term for an ID, whereas uid is a bit easier to understand and you don't have to dive into the token contents.
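The equivalence described in the answer, shown as a Realtime Database rules file. This is an added example, not part of the original question or answer; the `users/$uid` layout and the `owner` field are assumed names chosen for illustration.

```json
{
  "rules": {
    // Assumed layout: one subtree per user, keyed by that user's UID.
    "users": {
      "$uid": {
        // The caller's identity comes from the verified ID token,
        // not from any user ID the client writes into the request.
        ".read": "auth != null && auth.uid === $uid",

        // auth.token.sub holds the same value as auth.uid, so this
        // condition is the same check as the .read rule above.
        ".write": "auth != null && auth.token.sub === $uid",

        // Hypothetical field: a stored owner ID must match the
        // UID of the authenticated caller.
        "owner": {
          ".validate": "newData.val() === auth.uid"
        }
      }
    }
  }
}
```

Either spelling can be used; picking one and using it throughout a rules file makes the access conditions easier to audit.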