Tags: firebase-realtime-database, firebase-authentication, firebase-security

Firebase Realtime rule using Identifier instead of UID


Firebase's standard Authentication table contains the following fields (samples below):

Identifier   Providers   Created    Signed In   User UID
a@b.com      Email       1/1/1970   1/1/1970    abc78e1820001092

In my Realtime database rules I can easily access User UID as auth.uid, like below:

"UserData": {
    "$userId": {
        ".read": "auth.uid === $userId"
    }
}

In our example this rule would try to match the access to the value abc78e1820001092.

But suppose I wanted my $userId to be the same as Identifier (rather than UID). How would I write a similar access rule? The problem is, there is no accessible field such as auth.identifier, so I am unable to check for something like this:

"auth.identifier === $userId".

Question: Is it possible, and if yes then how, to access Firebase Authentication Identifier in Realtime database rules (in our example that value is a@b.com)?

Thanks in advance.


Solution

  • If I understand what you want to do correctly, you can:

    1. Set the custom identifier as a custom claim on the user's profile in a trusted environment.
    2. Then access that custom claim in the auth.token variable in the security rules.
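
One way to carry out the two steps above, as an added example (not code from the original post or from Firebase). The claim name identifierKey and the helper names are hypothetical, and auth stands for the Admin SDK Auth instance. The identifier is percent-encoded because Realtime Database keys cannot contain ".", so a@b.com cannot be used as $userId unchanged.

```javascript
// Added example. CLAIM_NAME and the function names are hypothetical.
const CLAIM_NAME = "identifierKey";

// Realtime Database keys may not contain . $ # [ ] / or control characters.
// Percent-encode the identifier into a reversible, key-safe form:
//   a@b.com -> a%40b%2Ecom   (decodeURIComponent() restores it)
function identifierToKey(identifier) {
  return encodeURIComponent(identifier).replace(/\./g, "%2E");
}

// Step 1: run in a trusted environment (server or Cloud Function).
// `auth` is the Admin SDK Auth instance, e.g. getAuth() from
// "firebase-admin/auth"; it is passed in so the function can be tested.
async function setIdentifierClaim(auth, uid) {
  const user = await auth.getUser(uid);
  // An unverified address proves nothing about who owns it, so it must
  // not become the key that grants read access.
  if (!user.email || !user.emailVerified) {
    throw new Error("refusing to set claim from an unverified e-mail");
  }
  // setCustomUserClaims() replaces the whole claim set: merge, don't clobber.
  const claims = {
    ...(user.customClaims || {}),
    [CLAIM_NAME]: identifierToKey(user.email),
  };
  await auth.setCustomUserClaims(uid, claims);
  return claims;
}

// Step 2: the rule from the question, matching on the claim instead of
// auth.uid. Custom claims appear as properties of auth.token.
const RULES = {
  rules: {
    UserData: {
      $userId: {
        ".read": `auth != null && auth.token.${CLAIM_NAME} === $userId`,
      },
    },
  },
};
```

The claim only reaches the rules once the client holds a new ID token, so the user has to sign in again or force a token refresh after the claim is set.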