How to write firestore database security rule while not use firebase authentication
Question
I want to use the phone number and password authentication for the application. These type of authentication is not provided by firebase. So, normally create user collection and implement login signup flow.
Another thing is that I use phone number authentication for OTP send and verify. So user entry is available in the authentical list.
I get request.resource.data.userUid from request and check that this userUid exists in authentication list.
match /user/{docId} {
allow read, write: if exists(/databases/$(database)/documents/user/$(request.resource.data.userUid))
}
Normally from any table we can check like this. But I not found any way to access authentication list.
Any way to write security rule as per my requirement or I need to change my authentication flow?
1 answers
solution1
0 2019-05-29 12:52:43
If you're not using Firebase Authentication, then you can't use security rules to control access to specific users. There is no other way to validate the identity of the individual making the request. request.auth will always be null in this case.
In case you didn't know, Firebase Auth does provide phone number authentication . You should be using this along with Cloud Firestore to implement security rules effectively.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.