I have a Firebase application that only uses Google authentication. I want to give users that have never authenticated with my Firebase project access to parts of the database based on the uid of the auth provider. I want to retrieve the Google uids using the directory API and then store them in the whitelist node.
    whitelist: {
      12345678: true,
      23456789: true
    },
    data: {}
Then I would like to do something like this in the security rules:
    "rules": {
      "data": {
        ".read": "root.child('whitelist/' + auth.providerUid).exists()"
      }
    }
Or something like this:
    "rules": {
      "data": {
        ".read": "root.child('whitelist/' + auth.providerData[0].uid).exists()"
      }
    }
But is it possible to access the provider uid in the security rules? And if so, how does this work?
The syntax seems slightly different according to the reference documentation:

firebase.identities
Dictionary of all the identities that are associated with this user's account. The keys of the dictionary can be any of the following: phone, google.com, facebook.com, github.com, twitter.com. The values of the dictionary are arrays of unique identifiers for each identity provider associated with the account. For example, auth.token.firebase.identities["google.com"][0] contains the first Google user ID associated with the account.

So it seems you need auth.token.firebase.identities["google.com"][0]. I must admit I've never used this though, since my security rules rely only on the user's main ID: auth.uid.
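
The question's whitelist rule, rewritten with the token path quoted in the answer. This is an added example, not part of the original posts. The `auth != null` guard, the chained `.child()` calls and the locked-down `whitelist` node are assumptions added here.

```json
{
  "rules": {
    // Assumption: /whitelist is populated only by a trusted backend using the
    // Admin SDK, which bypasses these rules. Clients can neither list the
    // whitelisted Google IDs nor add their own.
    "whitelist": {
      ".read": false,
      ".write": false
    },
    "data": {
      // Read access requires a signed-in user whose first Google user ID
      // (the path quoted from the reference documentation above) exists as
      // a key under /whitelist. Rule expressions can read /whitelist even
      // though clients cannot.
      ".read": "auth != null && root.child('whitelist').child(auth.token.firebase.identities['google.com'][0]).exists()"
    }
  }
}
```

The whitelist keys must be the Google account IDs exactly as they appear in the ID token, stored as string keys.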