I have a Firebase application that only uses Google authentication. I want to give users that have never authenticated with my Firebase project access to parts of the database based on the uid of the auth provider. I want to retrieve the Google uids using the directory API and then store them in the whitelist node.
whitelist: {
12345678: true,
23456789`: true
},
data: {}
Then I would like to do something like this in the security rules:
"rules": {
"data": {
".read": "root.child('whitelist/' + auth.providerUid).exists()
}
}
Or something like this:
"rules": {
"data": {
".read": "root.child('whitelist/' + auth.providerData[0].uid).exists()
}
}
But is it possible to access the provider uid in the security rules? And if so, how does this work?
答案 0 :(得分:2)
firebase.identities与此用户帐户相关联的所有身份的字典。字典的键可以是以下任何一种:
phone,google.com,facebook.com,github.com,twitter.com。字典的值是与帐户关联的每个身份提供者的唯一标识符的数组。例如,auth.token.firebase.identities["google.com"][0]包含与帐户关联的第一个Google用户ID
所以看起来你需要auth.token.firebase.identities["google.com"][0]。我必须承认我从未使用过这个,因为我的安全规则仅依赖于用户的主要ID:auth.uid。