Setting firestore security rules without using Firebase Authentication

Question

I have an angular web application and I am not using Firebase Authentication, for logging in my users, as it's done via a service.

Right now, my firestore account has full access, anyone can perform any operation.

I read the documentation of security rules and everywhere it mentioned firebase auth. Is there a way to define rules, without using firebase auth?

score 10 · Answer 1 · answered Jan 07 '19 at 23:42

10

You can certainly use security rules without Firebase Auth, but you won't be able to write any rules that depend on identifying the individual user. To put it more specifically, you will not be able to use the auth variable effectively at all, since it's only populated with data from Firebase Auth.

Without auth information, all you'll be able to do is check the contents of documents to be created or modified. Yout won't be able to defined secure per-user rules.

answered Jan 07 '19 at 23:42

Doug Stevenson

297,357
32
422
441

1

Thanks for the response! Can you give an example of such rule? – Sarah Mandana Jan 08 '19 at 00:03
Check the documentation: https://firebase.google.com/docs/firestore/security/rules-conditions#data_validation – Doug Stevenson Jan 08 '19 at 00:17
I am also restricted to using another authentication service. Is there any way to instead of checking auth, some other document or pass the UID in with the request to make sure it matches the UID in the document? Really need to integrate with my customer's existing setup. – Wesley Barnes Mar 10 '21 at 16:10
@WesleyBarnes No. – Doug Stevenson Mar 10 '21 at 16:12

Setting firestore security rules without using Firebase Authentication

1 Answers1

Linked