CODEWITHSUNDEEP
jsonfirebasefirebase-authenticationfirebase-securitygoogle-cloud-firestore
Ashish
Ashish

Reputation: 57

firestore auth rule: for google signed in client

I'm trying to establish a rule to fetch firestore data, that can be accessed by a google signed in client. So the problem I'm facing is when I'm using this rule

match /helpers/customer/data/{document=**}{
  allow read: if request.auth != null;
}

An error pops in logcat

onFailure: Errorcom.google.firebase.firestore.FirebaseFirestoreException: PERMISSION_DENIED: Missing or insufficient permissions.

also it is only working when I'm using 

match /helpers/customer/data/{document=**}{
  allow read: if true;
}

That means the path is write.

GoogleSignInAccount acct = GoogleSignIn.getLastSignedInAccount(this);

    if(acct != null){
        Log.i(TAG, "onCreate: Database Working");
        mFirestoreDB
                .get()
                .addOnCompleteListener(new OnCompleteListener<QuerySnapshot>() {
                    @Override
                    public void onComplete(@NonNull Task<QuerySnapshot> task) {
                        if (task.isSuccessful()) {
                            for (DocumentSnapshot document : task.getResult()) {
                                Log.d(TAG, document.getId() + " => " + document.getData());
                            }
                        } else {
                            Log.d(TAG, "Error getting documents: ", task.getException());
                        }
                    }
                });
    }else{
        Log.i(TAG, "onCreate: Database not Working");
    }

What I need is a rule where I can allow only a google signed in user to access.

Upvotes: 2

Views: 426

Answers (1)

Frank van Puffelen
Frank van Puffelen

Reputation: 598740

Signing in with Google does not automatically sign the user in with Firebase. You will need to also sign them in with Firebase Authentication, before your security rules will have its auth variable set.

From the Firebase documentation in signing in with Google:

private void firebaseAuthWithGoogle(GoogleSignInAccount acct) {
    Log.d(TAG, "firebaseAuthWithGoogle:" + acct.getId());

    AuthCredential credential = GoogleAuthProvider.getCredential(acct.getIdToken(), null);
    mAuth.signInWithCredential(credential)
            .addOnCompleteListener(this, new OnCompleteListener<AuthResult>() {
                @Override
                public void onComplete(@NonNull Task<AuthResult> task) {
                    if (task.isSuccessful()) {
                        // Sign in success, update UI with the signed-in user's information
                        Log.d(TAG, "signInWithCredential:success");
                        FirebaseUser user = mAuth.getCurrentUser();
                        updateUI(user);
                    } else {
                        // If sign in fails, display a message to the user.
                        Log.w(TAG, "signInWithCredential:failure", task.getException());
                        Toast.makeText(GoogleSignInActivity.this, "Authentication failed.",
                                Toast.LENGTH_SHORT).show();
                        updateUI(null);
                    }

                    // ...
                }
            });
}

But I recommend you read the entire page I linked.

Upvotes: 2

Related Questions