I am new to firestore database and I have developed an app in android studio accessing data from firestore database. My application has 2 types of user category 1. Admin 2. Users
I have implemented Mobile number authentication logic using API of sms service provider. I am not using google's firebase authentication. How should I write the rules for the firestore database I am unable to understand.
Admin --> can read and write to all collections
Users --> can read all collections but write only few collections
Can anyone guide me how can I achieve this.
I think a good place to start is here.
https://firebase.google.com/docs/firestore/security/get-started
Related
I am currently developing multiple apps with Firebase and I have a doubt. I have a user and an admin. My problem is if I am using the same firebase database, will the user be able to sign up into Admin's app using his credentials or both app will have different authentication. I don't want the user logging into the admin app with user credentials. If it is possible, what can I do to avoid it?
I haven't done trying it.
Can I use multiple apps on a single Firebase database?
Yes, you can.
Will it use the same auth or a different auth?
If both apps are added to the same project, then the authentication will be the same for both projects. This means that the user can use the same account for both projects. This also means that both apps can write/read data to/from the same database.
You can solve this in multiple ways
Have a different collection to store the data of the admins and then check on the login if the email is present in the collection
With the Rules of Firestore
Basically I am building a social media type app. I want to manage the auth using firebase firestore (as It is easier) and the contents posted by the user in any other SQL database. Like, if the user uploads a image it will be stored in my own database. Is it possible to link firebase with my own database? If yes, then how?
Firebase Authentication isn't related in any way to Cloud Firestore. You can authenticate your users with Firebase and save the data in any database you want, even in an SQL database. However, Cloud Firestore has some benefits. So I recommend you check the official docs.
Yes, you can use Firebase for auth only and link it to your own database.
You'll have to use the Firebase Admin SDK in your backend. Check out the set up guide.
I want to get User Data from firebase, I need the diplayName of a User. is there any way to get the displayName of a other user with his uid?
There is no way to look up information about another user in Firebase Authentication by using the client-side SDKs of Firebase, as that would be a security risk.
There are two common ways to allow searching the users in a secure way:
Write information about each user to a database (such as Cloud Firestore or the Realtime Database) when they register, and then search the database when needed. That way your code controls what data gets written and thus is searchable.
Firebase has Admin SDKs that run in trusted environments, such as your development machine, a server you control, or Cloud Functions. These SDKs have options to list users, which means you can search them. If you wrap one of the Admin SDKs in a custom API that you build and secure yourself, you can then call that from your Flutter code.
Also see:
React native firebase authentication searching
You can't get the name, or any other details of a user that is not currently signed in using FirebaseAuth.
Instead, you must create a node in your database where you store the name, and any other necessary details by querying the database.
So my current flutter project has all users logged in with only google accounts.
Is there a way to query for user UIDs with the user's gmail or google username?
Another followup question:
I can't seem to find a clear documentation for firebase for flutter specifically, is there something like this out there?
There is no way to query across the users in Firebase Authentication from the client-side SDKs, as that would be a security risk.
If you want to allow users to find other users, the two most common approaches are:
Store information about each user in the database (typically either Realtime Database or Cloud Firestore), and search across that.
Wrap the relevant parts of the Admin SDK in a Cloud Function, and call that from your app.
While the second may sound simpler/more common at first, using a database is actually by far more common with Firebase and allows more flexibility for relatively low complexity.
I want to develop an Ionic app for android and ios using firebase backend.
Requirement:
1. I want to use anonymous authentication silently so that user does not have to be worry about login.
2. I just want to display list of some items on the home page using Firestore api.
Question/Problem:
1. How does firebase will get to know that only the my app using the firestore get api.
2. If I am storing api credentials/secrets in my android app and if other user somehow knows these credentials, will that person be able to use api on behalf of my credentials and I will not be able to track the usage.
Top Level:
If someone know my firebase api credentials/secrets, will that person be able to utilize my firebase quota in case I am using firebase anonymous authentication.
Thanks in advance.
The settings you use to initialize the Firebase SDK are not "secrets". It's all very much public information that identifies your app from all the other Firebase apps out there. Every Firebase app has a similar set of public data. Once you publish your app, you should assume that everyone is able to see that data.
This means that anyone can use that data. That's why it's important to use Firebase Authentication along with security rules to make sure that people logged in can only make use of whatever resources you specify. That's the only way to lock down the data in your Firebase project. If you are concerned about security, then you should be thinking about your security rules from the very beginning.