Home Firebase Rules with facebook Authentication and Unique IDs
Reply: 0

Firebase Rules with facebook Authentication and Unique IDs

user1729 Published in March 20, 2018, 5:27 pm

I'm looking for some advice or a possible solution with tightening up my firebase rules.

This is my user tree in Firebase:



The UID will be an epoch timestamp when the account is created which will be a signed integer.

These are the firebase rules which basically ensures the user has logged in and authenticated with Facebook before they can read or write to users:

"users": {
          ".indexOn": ["uid"]
         ".indexOn": ["uid"]
       ".read": "auth != null  && auth.provider === 'facebook'",
       ".write": "auth != null && auth.provider === 'facebook'"

I only want users to read/write to their tree, for example:


I'm afraid with my rules above, they could potentially read and write from/to another users tree.

It would be great if I could compare the app UID with the Facebook UID. I do capture this detail in another tree on the database e.g:


I do have better rules here that check against auth.uid:

"user_fbuid": {
        "$fbuid": {
          ".indexOn": ["fbuid"],
          ".read": "$fbuid === auth.uid && auth.provider === 'facebook'",
          ".write": "$fbuid === auth.uid && auth.provider === 'facebook'"

If anyone has any ideas, I'd love to hear. Thanks

You need to login account before you can post.

About| Privacy statement| Terms of Service| Advertising| Contact us| Help| Sitemap|
Processed in 0.609236 second(s) , Gzip On .

© 2016 Powered by mzan.com design MATCHINFO