Firebase Database And Authentication/auth SECURE RULES TUTORIAL

Hello guys!!!
Today I will show you how to have SECURE RULES in Firebase Database

I saw a lot of discussions about this topic and I want to show a fluid and good tutorial about this topic (sorry for my English, but I’m Italian)
PS: I tried the method in this guide on Niotron and other app makers like Kodular; I guess it will work here on Kodular.

First step: UNDERSTAND THE MEANING OF THE BLOCKS

In the picture down here you can see 3 red squares

In the 0 SQUARE you can see the 2 components that I used to make this work:
the first is the integrated component “firebase database”
and the custom FirebaseAuth component that you can download here:
com.mirxtremapps.FirebaseAuth.aix (37.8 KB)
**1 SQUARE: you have to keep it free because we will use it tomorrow**
2 SQUARE: you have to put in it the Firebase URL of your database, which you can find in your Firebase Realtime Database dashboard like here

Second step: UNDERSTAND THE CODE
These blocks save some parameters in TinyDB to use them later when a user logs in or signs up successfully, like the USER FIREBASE ID TOKEN, which is different from the Local Id (user id)

In this block, when Screen1 initializes, it sets the FIREBASE ID TOKEN of the Firebase Realtime Database, the token id that I mentioned before in the 1 SQUARE. (You have to use this code because the FIREBASE ID TOKEN is different for every user.)

Third step: UNDERSTAND FIREBASE RULES
Now I will show you my Firebase Realtime Database security rules:

In this image you can see the 2 buckets that I use: (Replace the bucket names between “” in the rules with your real Firebase Realtime Database buckets’ names)
“companies_datas” and “user_posts”
My rules translated are:
Rules
“bucket named companies_data”
the user can read this bucket only if the FIREBASE ID TOKEN is present,
the user can write this bucket only if the FIREBASE ID TOKEN is present

“bucket named user_posts”
the user can read this bucket only if the FIREBASE ID TOKEN is present,
the user can write this bucket only if the FIREBASE ID TOKEN is present

Now when you try to append or write a value in Firebase Realtime Database, the Firebase algorithm will compare the auth.uid with the FIREBASE TOKEN ID that you inserted in the SQUARE1 in the photos before; if the token is null, Firebase will not permit you to write and read in your Firebase Realtime Database.
Otherwise, if your FIREBASE ID TOKEN is the same as auth.uid (in the Firebase rules photo), you will be able to write and read your database.

I hope I was good at writing this tutorial. If you have some questions about this topic, write a comment or give me a like to give everyone the opportunity to understand this topic.

Giacomo

2 Likes
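The rules the post describes in words, written out as an added example (not the author's screenshot and not part of the original post): `companies_data` uses the "ID token present" check as translated above, which admits any signed-in user, while `user_posts` shows a stricter per-user variant. The `user_posts/<uid>/...` layout and the `$uid` variable name are assumptions, not something the post states.

```json
{
  "rules": {
    // As translated in the post: a request that carries a valid
    // Firebase ID token (auth is non-null) may read and write.
    // Every signed-in user gets access to the whole bucket.
    "companies_data": {
      ".read": "auth != null",
      ".write": "auth != null"
    },
    // Stricter variant, assuming posts are stored as user_posts/<uid>/...
    // Any signed-in user may read; only the owner of a branch may write it.
    "user_posts": {
      ".read": "auth != null",
      "$uid": {
        ".write": "auth != null && auth.uid === $uid"
      }
    }
  }
}
```

Rules cascade downward: a `.read` or `.write` granted on a parent node cannot be revoked by a child rule, so the per-user `.write` only restricts access if no broader `.write` is set above it.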

Nice tutorial,

But what if I say, Firebase component in Kodular works without Token ID.

If you set these rules?
image

Hello guys, I only want to say that in the Firebase extension there are a lot of bugs and this tutorial doesn’t work every time.

For me, with these rules it works

Firebase auth token in Niotron never returns tokens… it always gives an error