firestore auth rule: for google signed in client

2
votes

I'm trying to establish a rule to fetch firestore data, that can be accessed by a google signed in client. So the problem I'm facing is when I'm using this rule

match /helpers/customer/data/{document=**}{
  allow read: if request.auth != null;
}

An error pops in logcat

onFailure: Errorcom.google.firebase.firestore.FirebaseFirestoreException: PERMISSION_DENIED: Missing or insufficient permissions.

also it is only working when I'm using 

match /helpers/customer/data/{document=**}{
  allow read: if true;
}

That means the path is write.

GoogleSignInAccount acct = GoogleSignIn.getLastSignedInAccount(this);

    if(acct != null){
        Log.i(TAG, "onCreate: Database Working");
        mFirestoreDB
                .get()
                .addOnCompleteListener(new OnCompleteListener<QuerySnapshot>() {
                    @Override
                    public void onComplete(@NonNull Task<QuerySnapshot> task) {
                        if (task.isSuccessful()) {
                            for (DocumentSnapshot document : task.getResult()) {
                                Log.d(TAG, document.getId() + " => " + document.getData());
                            }
                        } else {
                            Log.d(TAG, "Error getting documents: ", task.getException());
                        }
                    }
                });
    }else{
        Log.i(TAG, "onCreate: Database not Working");
    }

What I need is a rule where I can allow only a google signed in user to access.

1
jsonfirebasefirebase-authenticationfirebase-securitygoogle-cloud-firestore
Can you update your question to include the minimal code that is needed to get that error message?Frank van Puffelen
Okay I've updated the questoinAshish
How do you initialize mFirestoreDB? Does it point to a specific collection?Frank van Puffelen
private CollectionReference mFirestoreDB = FirebaseFirestore.getInstance().collection("helpers/customer/data"); this is itAshish
here data is a collectionAshish

1 Answers

2
votes

Signing in with Google does not automatically sign the user in with Firebase. You will need to also sign them in with Firebase Authentication, before your security rules will have its auth variable set.

From the Firebase documentation in signing in with Google:

private void firebaseAuthWithGoogle(GoogleSignInAccount acct) {
    Log.d(TAG, "firebaseAuthWithGoogle:" + acct.getId());

    AuthCredential credential = GoogleAuthProvider.getCredential(acct.getIdToken(), null);
    mAuth.signInWithCredential(credential)
            .addOnCompleteListener(this, new OnCompleteListener<AuthResult>() {
                @Override
                public void onComplete(@NonNull Task<AuthResult> task) {
                    if (task.isSuccessful()) {
                        // Sign in success, update UI with the signed-in user's information
                        Log.d(TAG, "signInWithCredential:success");
                        FirebaseUser user = mAuth.getCurrentUser();
                        updateUI(user);
                    } else {
                        // If sign in fails, display a message to the user.
                        Log.w(TAG, "signInWithCredential:failure", task.getException());
                        Toast.makeText(GoogleSignInActivity.this, "Authentication failed.",
                                Toast.LENGTH_SHORT).show();
                        updateUI(null);
                    }

                    // ...
                }
            });
}

But I recommend you read the entire page I linked.