Ensuring secure Firebase JSON database access through Firebase authentication

I am currently developing a mobile app using Ionic 3 with Angular, and I am utilizing the Facebook Native Cordova plugin for user login.

In terms of Firebase database security, the documentation provides guidance on rules syntax like this:

{  
   "rules":{  
      "users":{  
         "$user_id":{  
            ".write":"$user_id === auth.id"
         }
      }
   }
}

Within my app, the Facebook authentication code looks something like this:

 doLogin(){
    if (this.platform.is('cordova')) {
        return this.fb.login(['email', 'public_profile']).then(res => {
            const facebookCredential = firebase.auth.FacebookAuthProvider.credential(res.authResponse.accessToken);
            firebase.auth().signInWithCredential(facebookCredential);
            this.navCtrl.setRoot(TabsPage); 
        })
    }
}

My question is whether the 'auth' Firebase variable is properly handled in the above code, or if additional coding is required to ensure that the necessary UID and other authentication details are obtained?

javascriptfirebasefirebase-realtime-databasefirebase-authenticationionic3

Answer №1

The authentication firebase variable is managed assuming you already have the Facebook sign-in method enabled. However, the database rules being displayed may not be directly related.

These rules (as stated above):

"rules": {
    "users":{
        "$variable":{ ".write": "$variable=== auth.uid" }

Simply state that users can only write to a child node with matching uid. I used $variable instead of $user_id to emphasize that the $ signifies a placeholder for the child node's name. (I want to mention it should actually be auth.uid and not auth.id)

This setup is designed to store user-specific information. For example, upon signup, you could have a function like:

firebase.database().ref('users').child(firebase.auth().currentUser.uid).update(<your custom data here>);

*note how the child of users is "firebase.auth().currentUser.uid", which can be obtained from the 

firebase.auth().signInWithCredential()
promise.

I apologize if the explanation was lengthy. In essence, the UID is always accessible through firebase.auth().currentUser.uid post-login, and this UID is what the database rules refer to via auth.uid. Finally, authentication, UIDs, etc., are effectively handled using firebase.

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

Displaying components in Vue 2 using data from an ajax call

How can components retrieved from an ajax response be rendered? For instance, suppose I have registered a component called "Test" and within the ajax response I encounter: <p>dummy paragraph</p> <test></test> <!-- vue component ...

javascriptajaxvuejs2vue-router

What purpose does sending null to XMLHttpRequest.send serve?

Have you ever wondered why send is often called like this? xhr.send(null) instead of just xhr.send() ? W3, MDN, and MSDN all mention that the argument is optional. Additionally, the ActiveX control seems to work without it: hr=pIXMLHTTPRequest.Create ...

javascriptajax

Tips for querying multiple elements that share a common ID and verifying if the input has been modified

I have a series of text inputs that share a common id prefix but differ slightly at the end. Whenever a user enters text in any of these input fields, I want to trigger a function. Currently, I have this functionality implemented with the following code: ...

javascriptjqueryhtmldom

"An ActionResult is received as null when the model is passed as an

Has anyone encountered a situation where the model is null when passed to the controller? I inserted an alert in the ajax call to verify the value and it seemed correct, but upon debugging on the first line of the controller's ActionResult, it shows a ...

javascriptc#ajaxasp.net-mvc

A Complication Arises with Browser Functionality When Embedding an Iframe within

I am experiencing a peculiar problem while embedding an iframe with a specific src inside an absolutely positioned div. Here's the basic structure of the webpage: .container { position: relative; overflow: hidden; width: 100%; heigh ...

javascripthtmlcssiframecross-domain

What could be the reason for the sender message to only display once the recipient sends a message? (socketio) (nodejs) (reactjs)

Currently, I am working on developing a real-time chat application using Node.js, React, and Socket.io. The chat functionality is operational in theory, but there seems to be an issue where the sender's message only appears on the recipient's scr ...

javascriptnode.jsreactjssocketssocket.io

What are some strategies to enhance the efficiency of this code and reduce repetition?

Here's an overview of the component in question export default () => { const { currentUser, logout } = useAuth(); const [sideBarOpen, setSideBarOpen] = useState(false); const theme = useTheme(); const classes = useStyles(); const isSmall ...

javascriptreactjsmaterial-uirefactoring

Is it possible to pass a class method to an onClick event from within the render method in ReactJS?

Excuse my lack of experience, but I haven't been able to find a solution to this yet. I am attempting to utilize a class method as a callback for the onClick event in my JSX. Below is the code for my App component: import React from 'react&apo ...

javascriptreactjs

Alternate. (individually)

Issue with Running Program I've been struggling to get my program to run correctly. The task at hand is to have the program display only one question at a time. But no matter what I try, clicking on all questions displays all the answers simultaneous ...

javascripthtmlcss

Field must have a base type specified to proceed

Currently, I am in the process of developing a discord.js bot. The structure I have set up involves a folder that contains all the commands, and when a command is called, index.js directs it to the appropriate file. However, when attempting to run the bot, ...

javascriptnode.js

The extensive magnetic scrolling functionality in Ionic 2 sets it apart from other frameworks

Hi everyone, I could really use some assistance! I've been working on developing an Ionic 2 App and my navigation setup is not too complex. I have a main menu where clicking on an item opens another menu with a submenu. From there, if I click on an i ...

javascriptjqueryhtmltypescriptionic2

Is there a way to create a sequence where text fades in only after the previous text has completely faded out?

Currently, I am using JQuery to create a continuous slideshow of text values. However, after some time, multiple texts start to display simultaneously, indicating a timing issue. Even when hidden, the problem persists. My code includes 3 strings of text. ...

javascriptjqueryhtmlcss

The function setState, along with all other functions, is not defined within the promise's .then() method

Currently, I am in the process of developing a React application that retrieves data from Firebase. Whenever I use the function below to delete a record, my attempt to refresh the page and display an updated view without the deleted record fails: deleteW ...

javascriptfirebasefirebase-realtime-databaseecmascript-6promise

Struggling to delete a specific item by its ID from MongoDB within a Next.js application

Currently, I am building a todo app in nextjs to enhance my skills. However, I'm encountering some difficulties in deleting single todos from the database using the deleteOne function. Below is the frontend call: async function deleteTodo(id) { a ...

javascriptnode.jsreactjsmongodbnext.js

Data string not being converted correctly to date format

Here is a table I am currently working with: ID DateColumn 1 3/7/2019 5:29:38 AM 2 3/8/2019 5:28:38 AM 3 3/7/2019 5:30:38 AM 4 3/7/2019 5:31:38 AM The date column in this table is being processed as a string when bound to the grid. To ...

javascriptjqueryangulartypescriptdate

Tips for designing a search bar using Angular

search : ____________ I am interested in designing a search bar functionality that automatically triggers when the user inputs 8 or more characters. The input text will be stored in a variable, the search bar will be reset, and the backend API will be che ...

javascripthtmlangular

Creating a versatile function for rendering content

I am working on a unique calendar feature that involves using checkboxes for filtering purposes. So far, I have managed to get all the filters functioning correctly by triggering my render event in this manner: //Initiate render event when checkbox is cli ...

javascriptjquery

Material UI is failing to apply its styles

I tried customizing the default theme provided by Material UI, but unfortunately, the styles are not applying. Can anyone help me with this issue? In My Header.js file, I faced an issue where the customized style was not being applied as expected. const u ...

javascriptreactjsmaterial-ui

Deciphering JavaScript's Minus Equals Operator: What's the Significance?

Can you explain the significance of the minus equals symbol -= in the following code snippet? $('#wrapper').animate({ backgroundPosition: '-=2px' })(); Appreciate your help! ...

javascriptjqueryoperators

Displaying a variable in a live HTML user interface

I have successfully created a Python program that captures data from an Arduino Potentiometer and shows it on the Python console. Now, I am working on enhancing the output by displaying it in a local HTML file. I am seeking guidance on how to incorporate t ...

javascriptpythonhtmlcss