I got my app working with read and write with wide-open permissions and now I'm locking it down. My app won't read or write though. I get permission denied errors despite the Firebase rules simulator saying that my rules are ok for a Facebook authenticated user whose UID I got from a successful firebase signInWithProvider
. What am I missing?
{
"rules": {
"items": {
"$uid": {
// user must match the authenticated user
".read": "auth.uid == $uid",
".write": "auth.uid == $uid"
}
}
}
}
This is my data structure:
my-firebase-app
-items: {
-<uid123> : [
{label:'apple'},
{label:'banana'}
]
-<uid456> : [
{label:'pear'},
{label:'cherry'}
]
}
- I sign into firebase after facebook auth by doing,
firestack.auth.signInWithProvider(provider, facebookAccessToken, '')
, which gives me my user object including uid - I push to
/items/uid123
and get an item id,333
- I set the item
{label:'apple'}
for the new ID (333) at/items/uid123/333
- I subscribe to the collection of items at
/items/uid123
by doing this with the web sdk:itemsRef.child(uid).on('value', (snapshot) => .....
My set call looks like,
const newPostRef = itemsRef.child(uid).push();
newPostRef.set(itemWithID)
set
promise gets rejected with permission denied error.
All the things above work fine if my .read
and .write
are simply set to true
which leads me to think my syntax or structure is just off in the rules def. Would love some input.
on()
that triggers thepermission denied
? Also note that we have no way to see how the auth flows here. Instead of a bullet list of how you think it executes, share a single snippet that (when run) triggers the error. It may help if you try to reproduce the problem in a jsbin (although that would mean having to reproduce without firestack). – Frank van Puffelenuid
field whose value is what I'm using in place ofuid456
above. I'm using the firestack web sdk for the other methods. Myon
doesn't throw an error, just doesn't fire. Myset
call (added above) does trigger the error though – again, only when my rules are not wide open and set totrue
. Doesn't seem likely that it's my JS since it works without db rule constraints? Does my rules def look correct relative to the db structure? – ABCD.ca