6

Using the Firestore online security simulation with custom claims results in an error, but it works perfectly when deployed (while actually handling real requests). The error is:

Error: simulator.rules line [5], column [23]. Property admin is undefined on object.

I have confirmed that the user actually has the claim (by the admin SDK and by using the application I'm adding the rules to).

    match /{document=**} {
      allow write: if request.auth.token.admin;
      allow read;
    }


Is this expected? Is the simulator broken or am I missing something? Not being able to use the simulator will be hard as I expect to use a few custom claims in my application.

Frank van Puffelen
Jan Greger Hemb
  • If you are going to work with security rules a lot, you're going to be better off learning how to use the rules emulator rather than the console simulator. It's a far better tool for making sure rules work the way you expect. https://firebase.google.com/docs/firestore/security/test-rules-emulator – Doug Stevenson Aug 04 '19 at 16:24
  • Does the custom claim have to exist (ie, not be undefined) for the rules to work? I'd like to not have to add an "admin" claim at all if the user is not admin and have the rule deny access where it is undefined or false and allow where it is defined and true. – Glenn Mar 25 '20 at 01:43

1 Answer

10

The rules simulator doesn't run with a real user from Firebase Authentication, but runs with the user you define within the simulator itself in the bottom left section of your screenshot.

So you'll need to specify the admin claim in the rules playground by selecting the Custom provider, and then editing the Auth token payload to include a token.admin property.

Frank van Puffelen
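The rule from the question, rewritten so that a token without the admin claim evaluates to false instead of raising the undefined-property error. This is an added example, not part of the original question or answer; it assumes `rules_version = '2'`, the standard `service cloud.firestore` wrapper, and the `get(key, default)` method on rules maps.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      // Reads stay open, as in the question's rule.
      allow read;

      // Writes only for signed-in users whose token carries admin == true.
      // request.auth is null for unauthenticated requests, so check it first.
      // get('admin', false) returns false when the claim is absent, so the
      // condition evaluates to false rather than failing with
      // "Property admin is undefined on object".
      allow write: if request.auth != null
                   && request.auth.token.get('admin', false) == true;
    }
  }
}
```

In the rules playground the write is still only allowed when the Auth token payload for the simulated user includes the `token.admin` property set to true, as described in the answer.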