I'm trying to implement user-based security in my Firebase Realtime DB.
As a basic example, I want authenticated users to be able to read/write their own data from the "users" node.
I've tested this in the Realtime DB rules simulator and I'm getting a failed read with the following parameters:
Location: /users
Authenticated: true
Provider: Anonymous
UID: "aLoBLejDJ5P4PDZkZhe2LTxO8x32" (tried with and without quotation marks)
I got "Simulated read denied" (no explanation why though). The same happens when I try a read through a REST HTTP GET request ("Error: Permission denied").
This is my db structure:
{
"users" : {
"-LrAxMc5SANNe-p1Fd6n" : {
"test" : "lol",
"uid" : "aLoBLejDJ5P4PDZkZhe2LTxO8x32"
}
}
}
And these are the rules so far
{
"rules": {
"users" : {
".indexOn": "date",
"$uid": {
".read" : "$uid === auth.uid",
".write" : "$uid === auth.uid",
}
}
}
}
The expected result was to get THAT user's data in the HTTP response, instead I got the above permission errors.
Being fairly new to Firebase, I don't know what the problem is, if I'm understanding/implementing the rule syntax wrong or something else.
Also the uid I receveid in the HTTP response from sign up (above) looks a lot different compared to sample uid's I've seen in the Firebase docs, don't know if that's part of the issue?
The only login method in my application is currently email + password.
