I have a question regarding the instance ID or the FCM token generated on the client side.
It is supposed to be hidden and kept secret, but i have implemented the method to save the fcm tokens of all the clients under a json array named 'fcm_tokens' in the root of the firebase database, with the key:value pair consisting of 'userPhoneNumber:FcmToken', so i can easily send notifications to the users by simply getting their phone number from their orders and using it to fetch the fcm token from the firebase.
All i wanted to know is that whether this method seems alright or should i subscribe each user to their own loginPhone number so i can send using the groups. Will having too much groups cause a problem? this way each group will only have one user subscribed to it, unless some glitch in my code causes multiple users to get subscribed to the same group (phone number).
Thanks
Simply replace phonenumber to user uid in fcm token
uid:fcm_token
Now you can set rules so that only the user with their user id can read the token. At the backend you will be using admin sdk which allow full access to the database.
I'm also assuming that you have a user id reference in your order node with phone number.
The rules to restrict fcm token access will be some thing like this.
"fcm_token" : {
"$uid" : {
// add check for string
".write" : "auth.uid == $uid"
".read" : "auth.uid == $uid"
}
}