Reputation: 141
Firebase authentication using token
I want to add security to my firebase application so that no one can write data by only knowing firebase url. We are using Android/ iOS client applications and php server. I need the following to be clarified.
- Is authentication using token is the best way to add security (we do not need a user login)
I do not want the token to be expired. Is this possible?
Will this effect read operations from client apps which do not use this tokens?
- Can I remove this authentication later so that any one can access
Upvotes: 1
Views: 473
Answers (1)
Reputation: 40582
Firebase uses a declarative, server-side rules language to control access to data. This is covered in detail in the security docs. I'd highly recommend reading this before continuing; it would address all the questions here and save some pain later.
Authentication is indeed the simplest way to identify users and control access. Firebase provides a number of authentication methods, including Anonymous auth.
Since security rules can also depend on data stored in Firebase, and use a complex rules engine, it's possible to create any sort of dynamic combination of authenticated and non-authenticated access, role-based security, et al.
Upvotes: 1
Related Questions
- Getting Firebase user token synchronously
- Security concern of using Firebase ID tokens for authentication on my custom backend
- Getting Custom tokens from Android App in Firebase Auth
- Firebase security and phone authentication
- How to get Firebase auth token in Android login
- Using Firebase Authentication but need to improve security
- Android + Firebase Auth + REST API: How to properly work with token?
- Firebase android security
- Is using Firebase Authentication using Custom tokens safe?
- Firebase Sign in with custom token