Reputation: 115
I am creating a Flutter mobile app and want to use Cloud Firestore to store some data that the clients should access. So far, there is no user-specific data, so I don't want my users to have to log in to the app. What security rules do I need to specify to allow clients to read data, but deny public access (from "outside" of the app)?
These are the security rules I have set up so far.

    service cloud.firestore {
      match /databases/{database}/documents {
        match /{document=**} {
          allow write: if false;
          allow read: if request.auth.uid != null;
        }
      }
    }

Under Authentication --> Sign-in method, I have enabled anonymous authentication. But I'm not sure if the security rules are correct and what Dart code I need in the client to get the desired behavior (no need for client to specify credentials, but protection of my data from access outside of the app).
Upvotes: 1
Views: 4910
Reputation: 138824
> so I don't want my users to have to log in to the app.

But you authenticate them. Even if it's an anonymous authentication, it's still an authentication.

> What security rules do I need to specify to allow clients to read data, but deny public access (from "outside" of the app)?

The exact rules you already have.

> But I'm not sure if the security rules are correct.

The rules are correct.

> what Dart code I need in the client to get the desired behavior (no need for client to specify credentials, but protection of my data from access outside of the app).
Your code should look similar to this.
Upvotes: 3
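
A client-side sketch of the flow discussed above, added here as an example and not taken from the question or the answer: sign in anonymously, read under the posted rules, and confirm that a write is rejected. It assumes the `firebase_core`, `firebase_auth` and `cloud_firestore` packages with the platform config files already in place; the collection name `items` is hypothetical.

```dart
import 'package:cloud_firestore/cloud_firestore.dart';
import 'package:firebase_auth/firebase_auth.dart';
import 'package:firebase_core/firebase_core.dart';
import 'package:flutter/widgets.dart';

/// Returns the current user, signing in anonymously when no session exists.
/// The session persists across launches, so this runs silently for the user.
Future<User> ensureSignedIn() async {
  final auth = FirebaseAuth.instance;
  final existing = auth.currentUser;
  if (existing != null) return existing;
  try {
    final cred = await auth.signInAnonymously();
    return cred.user!;
  } on FirebaseAuthException catch (e) {
    // 'operation-not-allowed': Anonymous provider is disabled in the console.
    throw StateError('Anonymous sign-in failed: ${e.code}');
  }
}

/// Reads every document of the (hypothetical) 'items' collection.
/// The rules allow this only because request.auth.uid is now non-null.
Future<List<Map<String, dynamic>>> readItems() async {
  await ensureSignedIn();
  final snap = await FirebaseFirestore.instance.collection('items').get();
  return snap.docs.map((d) => d.data()).toList();
}

/// Returns true when the rules reject a client write ("allow write: if false").
Future<bool> writeIsDenied() async {
  await ensureSignedIn();
  try {
    await FirebaseFirestore.instance.collection('items').add({'probe': true});
    return false; // The write went through: the rules are weaker than posted.
  } on FirebaseException catch (e) {
    return e.code == 'permission-denied';
  }
}

Future<void> main() async {
  WidgetsFlutterBinding.ensureInitialized();
  await Firebase.initializeApp();
  final items = await readItems();
  print('read ${items.length} documents; write denied: ${await writeIsDenied()}');
}
```

An anonymous ID token only shows that the caller signed in to the Firebase project, which any client holding the project's public configuration can do. Firebase App Check is the feature that attests requests as coming from your app build.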