Home > other >  Angular use of tokens when writing/reading from firebase rules-protected data
Angular use of tokens when writing/reading from firebase rules-protected data

Time:09-17

The question: What is the model for using auth tokens to read/write from Firebase data?

Long form question: I have successfully logged-in to Firebase and I have a set of auth token data in response to that login. I presume that when I do an http.get() or http.patch() to the Firebase document, I need to pass that token back. But I haven't sorted out how to do this properly.

Framework ionic w/ angular

Setup I have a Firebase data set established and I have set the access rules as follows:

{


  "rules": {
      "mission-cafe" : {
        ".read": "auth != null", 
        ".write": false
    },
      "issues" : {
        ".read": "auth != null", 
        ".write": "auth != null"
    }
  }
}

When I make an auth request to firebase, I get back a set of user data that looks like this:

Object
accessToken: "eyJhbI-long string-ww3w"

expirationTime: 1631656873062

refreshToken: "ACzBnC another long string dUJHK-"


[[Prototype]]: Object

So, now when I read/write from the Firebase Realtime Database, I think I should pass back one of the tokens as part of the JSON payload in the html.get() or html.patch() statements.

const getString='https://freelance-xxxx-default-tdb.firebaseio.com/xxxxxx.json';
return this.http.get<{ [key: string]: MyData }>(getString).pipe(...)

Key question 1: What is the proper syntax for placing the token data that I got back from the original auth?

As I read the documentation, I should evidently send back an &auth='long-token-string" in the http.get() or patch() statement... but I haven't been able to find documentation about which token to return and whether the keyword auth is in fact the right identifier for that string.

Key Question 2: Apparently sending a uid is an option in lieu of an auth token. In my application, I want to begin with anonymous login, so I won't have a uid at the time of the first data access. Am I missing a concept?

Thanks for the help.

Paul

CodePudding user response:

You need to retrieve the Firebase ID token from the client, by following the method described here in the doc, i.e. firebase.auth().currentUser.getIdToken(/* forceRefresh */ true).

Then, as explained here, you add it at the end of the url as a query string parameter: const getString = 'https://freelance-xxxx-default-tdb.firebaseio.com/xxxxxx.json?auth=' idToken

Since you don't share that much code, here is a generic JS example with the axios library:

 firebase     // use this.fireAuth.signInAnonymously() in your case
    .auth()
    .signInAnonymously()
    .then((userCredential) => {
      // We get the user from the userCredential,
      // but we could very well do firebase.auth().currentUser as well
      return userCredential.user.getIdToken(/* forceRefresh */ true);
    })
    .then((idToken) => {
      return axios.get(
        'https://freelance-xxxx-default-tdb.firebaseio.com/xxxxxx.json?auth='   idToken
      );
    })
    .then((response) => {
      // handle success
      console.log(response);
    })
    .catch((error) => {
      // handle error
      console.log(error);
    });

Side note: Is there any specific reason for not using the JS SDK for interacting with the RTDB? It is easier than using the REST API.

Page link:https//www.codepudding.com/other/114823.html

Prev:How can I resolve "A RenderFlex overflowed by 77 pixels on the bottom."
Next:React Native: Iterating through an array of data pulled from firebase only renders the first item in
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding