I'm a new android developer and so confused about firebase rules and phone authentication. I am writing an application for a scheduling system. Right now, I'm using a phone number to authenticate users. In my plan, I want to save the appointments in my realtime database firebase, and for each phone number I want to add user information, like name and their appointments. The first question is how can I create a user for each phone? can I do that with phone authentication or do I need to create a user object and save it in the realtime database? The second question is about security. I want my users to be able to see all the free appointments and to schedule one or more. What rules do I need to set for each user?
You can use Firebase Authentication via phone number as here . Once a user authenticates himself then a unique Uid is created for that person which you can use to get the User data using auth
variable. This is using Firebaseuser
as documented here
If you want to make custom made fields for a user I would advise to get the Uid and then create a user databse in lets say /Users
using the Uid as the primary key, that would be something like /Users/Uid
Further if you want your authenticated users only to see the free appointments you can do something like below, assuming the Appointment branch in root contains the available free slots.
{
"rules": {
"Appointments": {
"freeSlots": {
".read": "$uid === auth.uid"
}
}
}
}
You can then manipulate the database via your codes, probably shift the free slot from Appointment to the /User/Uid
Then if you wish the user to see his slots only, you can write the rules like below
{
"rules": {
"Users": {
"$uid": {
".write": "$uid === auth.uid"
".read": "$uid === auth.uid"
}
}
}
}
Here the $uid
ensures that the user only reads the data belonging to them.
You can find further help with security rules here
Hope this could help you a bit?
you already implemented Firebase phone Auth, the next step is to create a document for each user to store the information you want by making use of unique uid String that comes with each user's authentication.
to add security of who reads/writes what you have to write database rulesInfo here
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.