Reputation: 139
How to add security rules to Firestore without Authentication?
I'm working on a project and I'm using the device with a gsm module called sim800. Sim 800 is able to get and post requests. But Firebase SDK can not be installed on the device, so I can not do authentication. The device will access the Firestore database with get and post requests and read and write datas. Since the module cannot be Authentication, can I use a token I generated when reuesting?
If this is possible, how should I write the firestore security rules?
Upvotes: 0
Views: 183
Answers (1)
Reputation: 317392
It's not supported to pass any sort of per-request tokens for use with security rules. This wouldn't actually be secure, as someone would be able to simply break down the device and extract the token.
The best you can do without Firebase Auth is require that, for new document creations, there is a field in that new document that contains the shared "password" that's agreed upon between the client code and security rule. But again, this is not really all that secure.
You could also look into finding a way to transmit a pre-authenticated custom Firebase Auth token to the device, and pass that along using the REST API in order to authenticate the access.
Upvotes: 1
Related Questions
- firebase firestore security rules without authed user
- Define the right Firestore Security Rules
- Firestore Security Rules Without User Authentication
- Firestore security rules in auth less apps
- Firestore Security rules without Authentification
- Setup Firestore User Security Rule
- Cloud Firestore: setting security rule based on authentication
- Custom security rules for Cloud Firestore
- How to setup Firestore security rules correctly
- Firestore - How to setup security rule without Auth, but based on Android client/request data