RN Firebase Realtime DB auth token payload

Question

Using react-native-firebase:4.3.x

I'm able to connect to RealtimeDB, us requiring security we've set up rules.

But looking through the docs I can't find where how to setup Auth token payload when connecting to firebase. All it has is to connect to DB call the following:

db = firebase.database();

no parameters or anything. Am I to use, the firebase.auth()?

Answer 1

Short answer: Our whole approach on Firebase RealtimeDB's ruleset was incorrect from the beginning; we had done the rules without understanding Firebase Auth and its tie in with RealtimeDB. We had setup, rules based on uid and RealtimeDB only, storing some random token on RealtimeDB hoping we could somehow pass the token on auth payload to the user.

Long answer: As stated on Firebase's own Database Security docs Database Rules directly uses Firebase Authentication.

From then on, implemented Custom authentication from Authentication RNFirebase.io

client side:

let postLogin = (userCredentials) => {
  db = firebase.database();
  //...do stuff
}

firebase
  .auth()
  .signInAndRetrieveDataWithCustomToken(token)
  .then(postLogin);

firebase console: Project Settings -> Service Accounts -> Generate new private key. which generates json formatted firebase private key and some identifier values. Import that in whatever library you're using on server-side in our case kreait/firebase-php

Do not enable anonymous authentication, that would defeat the purpose.

php using kreait/firebase.php:

use Kreait\Firebase\Factory;
use Kreait\Firebase\ServiceAccount;

$serviceAccount = ServiceAccount::fromJsonFile($pathToJson);
$firebase = (new Factory())
  ->withServiceAccount($serviceAccount)
  ->create();

$token = (string) $firebase->getAuth()->createCustomToken($uid, $payload)

I did not need to be aware of payload on client side. It is passed through client side in the signed JWToken.