CODEWITHSUNDEEP
iosfirebasefirebase-realtime-databasefirebase-security
Alien
Alien

Reputation: 426

Firebase Database permission denied with custom tokens

My application is set up with a backend REST api written with Java and Spring Boot. I am creating custom firebase tokens in the backend in which the client side (iOS platform) calls an API to retrieve. With this custom token, I use FIRAuth.auth()?.signIn(withCustomToken: customToken) to sign in, where customToken is the value from the api response.

I am creating these custom tokens as follows:

public static String createCustomFirebaseToken(){
        UUID uid = UUID.randomUUID();
        Task<String> authTask = FirebaseAuth.getInstance().createCustomToken(uid.toString());
        try {
            Tasks.await(authTask);
        } catch (ExecutionException | InterruptedException e ) {
            //TODO: handle exception
        }
        String customToken = authTask.getResult();
        return customToken;
}

I am able to view the UUIDs that were generated to create these custom tokens in the Firebase console, under the Authentication tab.

In my Firebase Database, I want to only allow read/write permissions to these authenticated users - this is where I am stuck as I am not too familiar with Firebase.

For example, say I have a news model in which I will allow all authenticated users to read & write.

How would I go about implementing a rule such as: 

{
    "news":{
        ".read": // authenticated user
        ".write": // authenticated user
    }
}

Thank you in advance!

Upvotes: 0

Views: 634

Answers (1)

user3476154
user3476154

Reputation: 

{
    "news": {
        ".read": "auth != null",
        ".write": "auth != null"
    }
}

Is this what you're looking for?

Upvotes: 1

Related Questions