Reputation: 6860
Is there a way to give read permissions for a non public firestore document without requiring the user to have an account?
For example is there a way to issue a JWT or something from my server to let them have access to a particular document, without requiring them to go through Firebase authentication? I'd like them to be able to read directly from Firestore but not require an account to do so, while not opening up the document to everyone.
Upvotes: 0
Views: 20
Answers (1)
Reputation: 317467
Firestore does not offer any forms of authorization that aren't related to Firebase Authentication. Or, in other words, Firebase Auth accounts are the only supported mechanism to distinguish which individuals can read and write documents.
It sounds like you should probably create your own backend endpoint that accepts a token, check it for validity, and determines if the bearer of that token should be able to read the contents of the requested document. The backend would have to perform the query directly, and it will be able to bypass security rules.
Upvotes: 1
Related Questions
- Allow non-authenticated users to write into firestore
- Can you access firestore client-side without firebase auth?
- How can I allow everybody to read my Firebase Cloud Firestore
- Firebase firestore get user document without authenticated
- Firebase firestore only allow read if user has exact document ID
- Public access to Firestore collection doc on condition
- Allow User Read, Write Own Document Firestore
- User to access only his/her document in Firestore
- How do you store user information in firestore if they don't have an account?
- angular + firestore: how to allow public read access to a document