I have an issue where the firestore security rules is unable to filter out users based on their phone number. The rule is set up perfectly and it works well with the simulator but not when I test it out on a real device.
I have a collection of admins where the document ids are the phone numbers. My security rule checks if the phone number of the user is present in the collection and if it does then it returns true. I have set it up according to the answer here as follows-
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
function isAdmin() {
return exists(path("/databases/" + database + "/documents/admins/" + request.auth.token.phone_number));
}
match /tasks/{task=**} {
allow read: if request.auth.uid != null;
allow create: if isAdmin();
allow delete: if isAdmin();
allow update: if request.auth.uid != null;
}
}
}
The create and delete rules in the above snippet are getting approved when I try on a simulator but fails when I test it out on a real device. I have to also mention that if I change the filter from phone number to uid and change the document ids in the collection to the uids, it works out fine with the real device in this manner-
return exists(path("/databases/" + database + "/documents/admins/" + request.auth.uid));
It feels like it is unable to read the token value from auth. I am using the flutter package for firebase auth and firestore to send requests
