
Firebase security and phone authentication

I'm a new Android developer and so confused about Firebase rules and phone authentication. I am writing an application for a scheduling system. Right now, I'm using a phone number to authenticate users. In my plan, I want to save the appointments in my realtime database Firebase, and for each phone number I want to add user information, like name and their appointments. The first question is how can I create a user for each phone? Can I do that with phone authentication or do I need to create a user object and save it in the realtime database? The second question is about security. I want my users to be able to see all the free appointments and to schedule one or more. What rules do I need to set for each user?

You can use Firebase Authentication via phone number as here. Once a user authenticates himself then a unique Uid is created for that person which you can use to get the User data using auth variable. This is using FirebaseUser as documented here.

If you want to make custom made fields for a user I would advise to get the Uid and then create a user database in let's say /Users using the Uid as the primary key, that would be something like /Users/Uid.

Further if you want your authenticated users only to see the free appointments you can do something like below, assuming the Appointment branch in root contains the available free slots.

{
  "rules": {
    "Appointments": {
      "freeSlots": {
        ".read": "$uid === auth.uid"
      }
    }
  }
}

You can then manipulate the database via your code, probably shift the free slot from Appointment to the /User/Uid.

Then if you wish the user to see his slots only, you can write the rules like below:

{
  "rules": {
    "Users": {
      "$uid": {
        ".write": "$uid === auth.uid"
        ".read": "$uid === auth.uid"
      }
    }
  }
}

Here the $uid ensures that the user only reads the data belonging to them.

You can find further help with security rules here.

Hope this could help you a bit?

  1. You already implemented Firebase phone Auth, the next step is to create a document for each user to store the information you want by making use of unique uid String that comes with each user's authentication.

  2. To add security of who reads/writes what, you have to write database rules. Info here
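
The two rule sets from the answers above can be combined into one ruleset that also controls the booking step itself. This is an added example, not code from the original posts; it assumes bookings live under a hypothetical `appointments` child of `/Users/<uid>`, keyed by the slot id, and that the client books with a single multi-path update.

```json
{
  "rules": {
    "Appointments": {
      "freeSlots": {
        // Any signed-in (phone-authenticated) user may list the free slots.
        ".read": "auth != null",
        "$slotId": {
          // Booking removes the slot from freeSlots. The delete is accepted only
          // when the same update also creates the caller's own booking entry,
          // so a user cannot simply wipe free slots.
          // "appointments" is an assumed child name, not taken from the page.
          ".write": "auth != null && data.exists() && !newData.exists() && newData.parent().parent().parent().child('Users/' + auth.uid + '/appointments/' + $slotId).exists()"
        }
      }
    },
    "Users": {
      "$uid": {
        // Each user reads and writes only the node keyed by their own uid.
        ".read": "auth != null && $uid === auth.uid",
        ".write": "auth != null && $uid === auth.uid",
        "appointments": {
          "$slotId": {
            // A new booking must refer to a slot that is free before the write;
            // existing bookings stay valid after the slot has been removed.
            ".validate": "data.exists() || root.child('Appointments/freeSlots/' + $slotId).exists()"
          }
        }
      }
    }
  }
}
```

No rule here lets a client create free slots, so they have to be written by a trusted backend using the Admin SDK, which bypasses these rules. The Rules Playground in the Firebase console can be used to confirm that an unauthenticated read of `/Appointments/freeSlots` and a read of another user's `/Users/<uid>` are both denied.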
