stackoom
  简体   繁体   中英

Firebase rules, using third party token?

 原文  2022-03-24 14:06:15       firebase/ firebase-realtime-database/ firebase-security

Question

I am using the Firebase database and Okta for authentication.

It is my first time diving into rules but currently, it stores the access token on the browser then redirects to the web app. How can correctly enforce this rule so that anyone with this token can read/write?

Current rules:

{
  "rules": {
    ".read": true,
    ".write": true
  }
}

1 answers

solution1
 0  2022-03-24 14:12:58

Firebase security rules can be used with Firebase Authentication only if you are trying to access information of user reading/updating database. One way would be to make requests througha Cloud function, verify Okta token there and then return data if authorized.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Why is Firebase showing third party cookies on a custom hosting domain? How do I fix the problem behind "THIRD_PARTY_AUTH_ERROR" when using Google's API Explorer to send a Firebase Cloud Messaging message? Necessity of Firebase Auth ID token validation, even if there are security rules of database? Firebase Oauth disallowed user agent on third party app's web view What's the best way to store access token generated from third party API in AWS How is not using Firebase Security Rules a security risk? Firebase rules using FirebaseDatabase.net unable to make api call from vue.js project hosted on firebase to node.js backend stored in third party server Firebase Auth: How to sign in using id token? Firebase creating custom token using spotify signin?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM