so what are your rules of firebase now? show a screen shot.
This doesn’t work. It gives me the error above.
This is the only thing that lets me have access to the DB.
I have tried to follow all the direction on the two pages you linked me to as well as on Firebase Authentication - Kodular Docs. Nothing seems to work.
I have also put both SHA-1 keys (one from Kodular Settings and one from Google Play Console) in the App settings and added that JSON file to the app. I have whitelisted all 3 client IDs from the JSON file in Google Sign In settings too. My Users show up under the authentication screen on Firebase as signed in, but can only access the database if I have the test rules in place.
try watching this video to understand how this works, i am too much busy these days otherwise i check that and configure for you.
I’m using a realtime database and found the video about rules for that instead here
It’s telling me to do exactly what I’ve been doing as far as rules go. “auth != null” should be working. I technically have about 4 different users that all need read/write access. This rule doesn’t work as it should.
My only thought is that something isn’t set up properly between the app and firebase, but I can’t figure out what. Your “tool” to find the correct ClientID in the JSON file is missing so I whitelisted every clientID I found in there. I added the SHA-1 from both the key stored in Kodular and the one that Google uses to the app (each key created a new client ID and I whitelisted them both). The package name is correct and my rules should be working. My users are listed in the Authentication page and I can see the last time they signed in. I have also made sure the google login is ran each and every time the app starts to make sure I don’t have an expired token or anything.
The only other things I can think of is that each screen uses a different project bucket for organization purposes or this doesn’t work with RTDB. Could either of those be the issue?
Looks like I’m not alone, I have no idea if this user got his issue solved, but it appears to be the same issue.
Got in contact with @Vishwas a few days and after some hard work we get to the bottom of this.
Firebase doesn’t recognize our apps as authenticated even if we make everything right, so in order to make it work we must set the rules to the test environment (open).
He said that have added it to their bug tracker and we probably will get a solution to it in the next update once this is a huge issue and everybody’s data that uses Kodular and Firebase are vulnerable now.
In order to protect your data, I suggest to use obfuscated text block when using your Firebase keys and encode sensitive data before writing on Firebase, it prevents to expose data and the access to your Firebase if your app gets decompiled.
Even if the hacker gets access to your Firebase the content will be encrypted so it gives some extra work to the moron.
Okay, thanks for letting me know. My app is only used internally by about 20 Android tablets that all use the same Google account. It’s not publicly available so I’m not crazy worried. How do I use the obfuscated text when the firebase data is entered into the Kodular creator?
WOW!! THIS IS A HUGE ISSUE!! Even if we encrypt our data it does not stop someone from deleting everything if they do get in, does it?! We should have been made aware of this. @Diego @Vishwas @Hossein
It’s not as big of an issue for me since my app isn’t public… But it’s definitely a HUGE issue for anyone trying to use firebase to store user data this way. All your data is belong to us!
Kinda glad I did my due diligence at work today.
1 Like
Hi
There is no need to worry, your Firebase data hasn’t been compromised. If you use Firebase rules to authenticate users, you’ll occasionally see that some authenticated users are unable to access any data.
Your data isn’t exposed to unauthenticated users if you have your rules set up correctly.
Hi @Vishwas,thanks for the response and HAPPY BDAY!!
I don’t understand. Is there an issue or not? @guilhermemaracaipe said: ‘Firebase doesn’t recognize our apps as authenticated even if we make everything right, so in order to make it work we must set the rules to the test environment (open).’
And as @GaryH has also stated we can’t seem to get access to user data when we set up the rules. What does ‘occasionally’ mean? If I launch the app and 5% of my users can’t get access to their data then it’s a big deal.
What I’ve experienced is that when setting up the rules I’ve not been able to access user data 100% of the times I’ve tried. I’ve followed tutorials as closely as possible to no avail, so i don’t know if this is a component issue or if I’m missing something, the auth tutorial in the docs has an AIA link but it’s broken, at least that way I could test to see if I’m doing something wrong or it’s acctually an issue with Kodular as was stated here.
Please help! Thanks!!!
1 Like
Hi @Vishwas, happy birthday!
Sorry but, when we where testing none of the firebase rules was working, it only works when it was setted to read = true and write = true.
This way our data are exposed indeed.
1 Like
@Vishwas We have followed every step you guys have laid out. It still doesn’t work unless read and write are both set to “true” which opens the database for anyone to access whether they are authenticated or not. If there is a different way we are supposed to be doing this please let us know so that the numerous threads about this same issue can all be resolved.
I hate to be the squeaky wheel, I really do. But, I have employee information in that database. Others probably have user data that they need to keep safe in theirs and if all we can do to access it is set everything true then we (and possibly Kodular) are opening ourselves up to potential issues for not securing the information.
I don’t want to have to move my database. I like the way it is all set up. Just please help us secure it.
In Firebase while setting up an app to use it gives changes that need to be made to the Gradle files. Could this potentially be the issue? When the Firebase Authentication component is used should that trigger these changes to the Gradle files to make Firebase recognize the app?
Can I add Obfuscated text to TinyDB and still pull it elsewhere?
Yes you can
Thanks @guilhermemaracaipe , I’m in the process of obfuscating Webhook Urls and things. if I have the firebase info in the component properties, is that secured too?
Nope, you should leave it blank and set those parameters at Screen Initialize block.