如何为 REST 请求设置 Firebase 实时数据库规则？

Question

In a current project, we are using React to create a website which is going to display some information from our Firebase Realtime Database. We are using the firebase.auth() -package in npm for our authentication, where the only user that will exist is our admin user.
What I can't seem to figure out is how to authenticate my POST-request, through the Realtime Database-ruleset.

I've googled for a while, and found the token I apparantly need to pass with the object, which I find by running firebase.auth().currentUser.getIdToken . However by having my rule set to

{
  "rules": {
    ".read": true,
    ".write": "auth.uid != null"
  }
}

...it still doesn't let me post. This, of course isn't a very safe authorisation, but it should allow me to post, as I give it an access-token. (I do this in the request-URL with URL.firebaseio.com/.json?access-token=TOKEN ).

What I am wondering is what part of the system I have misunderstood. I do not wish to use the firebase/database -package in npm, as I do not understand it too well, and I'd like to learn one step at the time.

If I have to update the rules-file, what should it say?
If the token/url is wrong, what should it be?

Any help would be appreciated. Thanks.

Answer 1

I solved it, for my own use:

In Firebase Console, under the Authentication-tab, I found I could get the UID of a user.

By changing the fetch-URL to URL.firebaseio.com/.json?auth=TOKEN) and the write-rule to ".write": "auth.uid == '[UID]'" where [UID] is the previously mentioned UID, it allows post-requests only from users that are logged in through firebase.auth() .

Cheers.