Reputation: 4435
Here are my security rules and conditions in Firebase:
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /Product/{document=**} {
      allow read: if true;
      allow write: if request.auth.uid != null;
    }
  }
}
According to the Firestore documentation, we can retrieve data at once by this method:
db.collection("Product").get().then(function(querySnapshot) {
  querySnapshot.forEach(function(doc) {
    console.log(doc.id, " => ", doc.data());
  });
});
How do I retrieve secured data from Firebase? It will give you back data if it has a valid uid. What is the proper method to send my user status or uid on every request?
Upvotes: 1
Views: 103
Reputation: 83191
What is the proper method to send my user status or uid on every request.
You have to combine the Security Rules with Firebase Authentication.
So, with Firebase Authentication you cover the authentication part of your system security (i.e. confirming users' identity), and with the Security Rules you cover the authorization part (i.e. granting access to the system).
From the documentation:
To sign a user into your app, you first get authentication credentials from the user. These credentials can be the user's email address and password, or an OAuth token from a federated identity provider. Then, you pass these credentials to the Firebase Authentication SDK. Our backend services will then verify those credentials and return a response to the client.
After a successful sign in, you can access the user's basic profile information, and you can control the user's access to data stored in other Firebase products. You can also use the provided authentication token to verify the identity of users in your own backend services.
So, concretely, you need to select the desired sign-in method(s) (i.e. passwords, phone numbers, federated identity providers like Google, Facebook and Twitter, etc.) and then implement one (or more) corresponding login function(s) in your application. Note that you could also use your own authentication mechanism, since JSON Web Tokens (JWTs) can be generated on your own server and used to authenticate users via the signInWithCustomToken() method.
After login, the authentication token will be automatically included in the requests to the Firebase back-end services (Firestore, Cloud Storage, etc.).
More details in the "Get Started with Firebase Authentication" page.
You will also find several tutorials on the web: https://www.google.com/search?q=angular+firebase+authentication+example
Upvotes: 1
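The sign-in-then-write flow described in the answer above, as an added example that is not part of the original posts. It assumes email/password sign-in and the namespaced Firebase JS API used in the question; `signIn`, `listProducts` and `addProduct` are hypothetical helper names, and `auth` and `db` stand for `firebase.auth()` and `firebase.firestore()`.

```javascript
// Added example (not from the original thread). `auth` is assumed to be
// firebase.auth() and `db` firebase.firestore(); they are passed in as
// parameters so the same flow can be exercised against stand-ins.

// Sign in once. From then on the SDK attaches the user's ID token to every
// Firestore request, and the rules see it as request.auth. No uid is sent
// by hand.
async function signIn(auth, email, password) {
  const cred = await auth.signInWithEmailAndPassword(email, password);
  return cred.user.uid;
}

// Public read: permitted by `allow read: if true`, so no sign-in is needed.
async function listProducts(db) {
  const snap = await db.collection("Product").get();
  const out = [];
  snap.forEach((doc) => out.push({ id: doc.id, ...doc.data() }));
  return out;
}

// Write: the rule `request.auth.uid != null` rejects it unless a user is
// signed in. The currentUser check only avoids a pointless round trip;
// the rules on the server remain the actual enforcement point.
async function addProduct(auth, db, product) {
  if (!auth.currentUser) {
    return { ok: false, reason: "not-signed-in" };
  }
  try {
    const ref = await db.collection("Product").add(product);
    return { ok: true, id: ref.id };
  } catch (err) {
    // Firestore reports a rules rejection with this error code.
    if (err.code === "permission-denied") {
      return { ok: false, reason: err.code };
    }
    throw err;
  }
}
```

The rule `request.auth.uid != null` admits any signed-in account, so as written every authenticated user can write every `Product` document.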