Secret URL authentication with Firebase

2018-06-14 13:32:58

I have a client-side web app using Firestore and Cloud Functions.

I would like to set up rules such that if a user has a secret URL for a document that user is able to write to it, without need any other kind of login or authentication. Something like (pseudo-code, I just made up request.params.secret_token ):

service cloud.firestore {
  match /databases/{database}/documents {
    match /cities/{city} {
      allow read, write: if resource.data.secret_token == request.params.secret_token;
    }
  }
}

I'm confused by the various authentication options available and can't quite reason through the best way forward.

Potential options that feel close:

Anonymous authentication might be needed, that could get me an auth token. As far as I can tell I can't get very far without one of these.

Use a custom claim, but it says you can only set them securely on the server side.

Use a custom token, but this seems more applicable when I have a pre-existing sign-in server component.

if a user has a secret URL for a document that user is able to write to it, without need any other kind of login or authentication.

Simply set your database rules to allow anyone to read and/or write the data at the path specified in the JavaScript on/in that particular webpage. Maybe simply put the database read or write in a <script> tag after your firebase <script> tag right in that page.

However, like you said, anyone that visits that page/URL is gonna be able to read and/or write whatever data is in that particular node, or field, or document.

Edit the firestore.rules file like so to enable read write for anyone/all. See Documentation.

service cloud.firestore {
  match /databases/{database}/documents {
    match /<some_path>/ {
      allow read, write;
    }
  }
}

链接地址: http://www.djcxy.com/p/41428.html

上一篇: 捕获与Apache负载均衡器和node / io.socket后端断开连接

下一篇: 使用Firebase进行秘密URL身份验证