How can I let my Firebase Security Rules allow Authenticated Access to my Realtime Databas when I get "PERMISSION DENIED"

Mister SirCode

I found this question: Firebase Permission Denied which mentions using this JSON code:

{
  "rules": {
    ".read": "auth != null",
    ".write": "auth != null"
  }
}

It only allows access to Read or Write by authenticated users. This would work perfectly for me.

The only issue is that this answer is outdated. They dont use JSON anymore as far as I know.

Currently my rules look like this:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if false;
    }
  }
}

How can I allow only Read and Write access to users with the "API Key" which I have provided and loaded in my app like in the old question?

Edit, I now know that Firebase Realtime Database uses JSON Rules and Firebase Firestore uses the actual Firebase Security Rules Language.

So after I realized this, I set all my rules to auth != null.

In realtime database rules:

{
  "rules": {
    "users": {
        ".read": "auth != null",
        ".write": "auth != null"
    }
  }
}

And also Cloud Storage rules just in case:

rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    match /{allPaths=**} {
      allow read, write: if request.auth != null;
    }
  }
}

Yet after all of this... Im still getting these errors:

I dont get what Im doing wrong, Im directly sending in the API key correctly, I logged it just to test it, all my references are correct...

I DONT GET IT....

EDIT: Code

const firebase = require('firebase');
var config = {
    apiKey: "(Key removed... for obvious reasons)",
    authDomain: "discord-trust.firebaseapp.com",
    databaseURL: "https://discord-trust.firebaseio.com",
    storageBucket: "discord-trust.appspot.com"
};
firebase.initializeApp(config);

... Lots of code between these two ...

case `testWriteReputation`: {
                    if (msg.author.bot) return;
                    if (msg.author.id === bot.user.id) return;
                    firebase.database().ref(`BasicUserData/${msg.author.id}`).set({
                        lastLoggedUsername: msg.author.tag,
                        lastLoggedAvatar: msg.author.avatar,
                        lastLoggedDiscriminator: msg.author.discriminator,
                        userAccountCreated: msg.author.createdAt,
                        userIdentifier: msg.author.id
                    });
                    break;
                }

Entire javascript file can be found here, again, with the api key removed: https://hatebin.com/egchvudbew

Renaud Tarnec

As explained in the doc, if you want to use the auth variable in your Realtime Database Security rules (allowing you to control data access on a per-user basis), you need to use Firebase Authentication.

Once a user authenticates, the auth variable in your Realtime Database Rules rules will be populated with the user's information. This information includes their unique identifier (uid) as well as linked account data, such as a Facebook id or an email address, and other info.

Have a look at this doc for more info on how to start with Authentication.

Note that the Realtime Database and Firestore are two totally different Firebase services. They don't share the same security rules syntax.

Collected from the Internet

Please contact [email protected] to delete if infringement.

edited at2020-12-17

Comments

0 comments

Firebase Storage security rules: After specifying "allow read: if request.auth != null" I can still access my files using the download link provided

How can I structure Firebase Realtime Database Rules to allow sending of "invite" URLs to non-users to allow access to protected user-data structures?

TOP Ranking

Article

How can I let my Firebase Security Rules allow Authenticated Access to my Realtime Databas when I get "PERMISSION DENIED"

How can I let my Firebase Security Rules allow Authenticated Access to my Realtime Databas when I get "PERMISSION DENIED"

Can't pre-populate phone number and message body in SMS link on iPhones when SMS app is not running in the background

pump.io port in URL

Failed to listen on localhost:8000 (reason: Cannot assign requested address)

grouping by column variables and appending a new variable based on condition

Python Read Directory And Output to CSV

BigQuery - concatenate ignoring NULL

Angular 8. Unknown amount of http.get requests in array to call, must be sequential, what to use

Remove adjacent duplicates in linked list in C

Can a 32-bit antivirus program protect you from 64-bit threats

How to keep curl session alive between two php processes?

Limit number of characters in uitextview

Unable to use switch toggle for dark mode in material-ui

In C#, is there a way to create a List directly from an Array without copying?

Laravel getting value from another table using eloquent

Spring Boot JPA PostgreSQL Web App - Internal Authentication Error

MTKView Displaying Wide Gamut P3 Colorspace

Vector input in shiny R and then use it

Modify c# Windows Forms control library

SQL Server : are transaction locking table for other users?

When I click any button in my view page the form is submitted

Can you sort columns (horizontally) in Google Sheets?