I'm creating a registration to an app that I'm developing but I can't seem to read the information I'm storing on my firebaseDB.
My rules on the firebase are already
"rules": {
".read": true,
".write": true
I've tried some youtube tutorials but even after doing the exact same thing it didn't work.
Related
I'm trying to write a project using Realtime Database (firebase) and Angular. Lately I've been trying to learn how to use roles in a project (user, manager, admin, etc.). Did I understand correctly - in the case of using Realtime Database, it is impossible to create roles. Instead, you need to use the rules in the database:
rules: {
"adminContent": {
".read": "auth.token.admin === true",
".write": "auth.token.admin === true",
}
Everything was very good until I read:
Firebase gives you complete control over authentication by allowing you to authenticate users or devices using secure JSON Web Tokens (JWTs). You generate these tokens on your server, pass them back to a client device, and then use them to authenticate via the signInWithCustomToken () method.
What does "your server" mean? I am using Realtime Database and firebase authentication and this is not enough and I need server?
Maybe there is an easier way to add roles to the Realtime Database, I just haven't found it?
All,
I have been working on an Android App that uses firebase realtime database, cloud store and authentication. It's never going into production on the google play store - however I am worried that in a few days time, the access to the database will be denied because I don't have 'strong' rules - whatever 'strong' are.
Currently, the rules are set as follows:
"rules": {
".read": "auth.uid != null",
".write": "auth.uid != null"
}
}
The database and all functionality work great - what can i do to add to these rules to satisfy firebase that I now have 'Strong' rules - or at least prevent access from being denied in 30 days - as I need this app to show the functionality of the database etc.
Thanks
Automatically when you change your Firebase rules it will be propagated throughout all the database, there is no need for users to update your app, what you need to be sure is that the users have any login provider (google,facebook) because these rules are saying that only authenticated users can read and write into the database.
If you post this rules without an authentication provider from Firebase, your users will see a blank screen and they will not be able to read/write, if you have implemented a login system with any provider you would be fine
I am getting a list of users in an organisation from the Jira ServiceDesk API, as documented on this page.
So far this is working as expected but today all off a sudden the code is broken. That is to say; the results im getting from the API have changed. As the docs state i SHOULD be getting values that include the field emailAddress. However since today i am getting the right users, but there is no longer an emailAddress field. The following is the result (structure) i'm recieving:
{
"size": 1,
"start": 0,
"limit": 50,
"isLastPage": true,
"_links": {
"self": "https://someprefix.atlassian.net/rest/servicedeskapi/organization/1/user?start=0&limit=50",
"base": "BaseURL",
"context": ""
},
"values": [
{
"accountId": "123456:SomeGUID",
"name": "SomeUserName",
"key": "someusername",
"displayName": "Some Username",
"active": true,
"timeZone": "Europe/Amsterdam",
"_links": {
"jiraRest": "LinkToTheThisUser",
"avatarUrls": {
"48x48": "LinkTo48X48Url",
"24x24": "LinkTo24X24Url",
"16x16": "LinkTo16X16Url",
"32x32": "LinkTo32X32Url"
},
"self": "LinkToThisResource"
}
}
]
}
I asked to check the setting User email visibility and it is currently set to logged in users only.
My question:
Why is this field suddenly missing from the API? Is there or are there settings i'm unaware off that influence this field being present or not?
Ok, it seems this is by design to keep in line with GDPR guidelines. Long story short; emailAddress will no longer be reliably part of the API's since a user now has to consent to it. If not all users emailAddresses are reliably part of the response this makes for a poor field of comparison in synchronization applications.
Which profile information will apps be able to access?
Any personal information users set as Anyone will be available for apps to use. For
example, apps will be able to access this information, store it, and
show it to other users.
Users' local times and locations will always be available to apps,
regardless of their visibility settings. This lets apps customize
their experiences.
Users' email addresses will be available to some apps that have been
approved by Atlassian. Note that if a user chooses to set their email
address to Anyone, then any installed apps will be able to use it.
When users install apps, the apps will request that they consent to
share their profile information with the apps. If they consent, the
apps will have access to all of their profile information. This is not
applicable to admins.
However. There will be a new API giving access to user emailAddresses regardless of user settings. Access to this API is restricted to approved applications. More about this can be found on this page.
In order to apply for access to this API the app must meet all current
requirements for being listed on Atlassian Marketplace (even if the
app is not listed on Atlassian Marketplace).
This means:
The app developer has provided a privacy policy
The app developer has provided a customer terms of use agreement
The app developer must signal whether or not the app collects and stores personal data.
If the app is storing personal data the app must report the accountIDs that have been collected and stored every 15 days.
I've got Firebase Database working on iOS.
Everywhere the doc tells me that using
{
"rules": {
".read": true,
".write": true
}
}
Will make the DB open to "the world". So I want to limit access to my app only. The doc says how to append user auth and rules according til this.
But I just want general auth for the app, not per user.
How do I achieve that?
Thanks,
I'm using Firebase to handle my Google OAuth login for my website. Does anyone knew how to restrict the users who have access to the application? For example, I only want x#gmail.com, y#gmail.com, and z#gmail.com to successfully be able to log in via google to my application.
I wasn't sure if this was a Firebase or Google question, but any help would be much appreciated.
Firebase's authentication handles only that: the authentication of users through any of the mechanisms you enable. Whether those users have access to your data is called authorization and it is handled through the security rules of your Firebase.
So:
Authentication allows the user to identify him/herself with your application. See Firebase's documentation on authentication (for JavaScript/Web, but it exists for all supported platforms).
Authorization limits read/write access to your data to specific users, based on their authentication. See Firebase's documentation on its security rules.
Limiting access to your data to specific email addresses is certainly possible. I recommend that you read Firebase's documentation on its security rules and try to make it work based on that. If you have any problems, post what you've tried and we'll be able to help you better.
These rules will allow anybody to login, but only the listed email addresses to read or write data:
{
"rules": {
".read": "auth.email == 'x#gmail.com' ||
auth.email == 'y#gmail.com' ||
auth.email == 'z#gmail.com'",
".write": "auth.email == 'x#gmail.com' ||
auth.email == 'y#gmail.com' ||
auth.email == 'z#gmail.com'"
}
}