Angular Firestore adding rules how to send request.auth value

2
votes

I follow some howto (https://morioh.com/p/5ba92d70416f https://www.techiediaries.com/angular-firebase/angular-9-firebase-authentication-email-google-and-password/ ...)

But none talk about auth with firebase rules

I can't let allow read, write: if true; for security reason

If I switch to allow read, write: if request.auth != null; (not the best for security but better) it only works just after the log in and when I refresh homepage it didn't works anymore...

FirebaseError: [code=permission-denied]: Missing or insufficient permissions.

I want to know what is the "request.auth" thing used by firebase rules ? How can I send credentials from Angular when I send a request like getAll() ?

Thank you

2
angularfirebasegoogle-cloud-firestorefirebase-security
This document may be helpful in understanding more about Firebase security rules. - David
This one for user security may be helpful as well - David

2 Answers

0
votes

When using the provided web and mobile client SDKs, you don't "send" anything for authentication. The SDKs automatically use the currently signed in user managed by the Firebase Auth SDK. If you're not using Firebase Auth in any way, then request.auth will never get populated.

0
votes

As of May 2019, version 2 of the Cloud Firestore security rules is now available. Version 2 of the rules changes the behavior of recursive wildcards {name=**}. You must use version 2 if you plan to use collection group queries. You must opt-in to version 2 by making rules_version = '2'; the first line in your security rules: