-1

I have two separate apps: one app is for normal users that can only read the Firebase Database and Storage, and another app is for uploading data to Firebase. I have opened the Firebase rules: "Read, Write = true". I need to allow only the admin/upload app to upload data to the database and storage (if it is possible, with some simple ID for the admin app).

The posts I already looked at:

  • how-to-only-allow-one-admin-user-to-write-firebase-database
  • allowing-specific-user-write-access

Frank van Puffelen
Mutata
  • What is the problem on the linked thread that you mentioned? – Md. Asaduzzaman Dec 06 '19 at 12:01
  • If you could explain how to send that ID from Android to Firebase and how to write rules, I don't understand how to send the ID to Firebase – Mutata Dec 06 '19 at 12:32
  • You have to set the rule in Firebase manually and have to write a query in Android to upload the content. Have you tried anything about coding? – Md. Asaduzzaman Dec 06 '19 at 12:35
  • Firebase rules can't distinguish the app that is being used to access the data. That would also be quite meaningless, as anyone can take your configuration data from the app and write their own code using the same configuration. Instead you will need to identify the user that is using the app, and see if their operations are allowed based on their identity or a role (that you assign to them). Unless you've already tried to implement that, there's not a lot we can do here. – Frank van Puffelen Dec 06 '19 at 14:22

1 Answer

3

Step 1: You have to authorize a certain user. To do so, go to: Develop -> Authentication -> Add User

Step 2: You have to set the rules in Firebase.

Go to Database -> Rules and give access to a certain user to alter the db.

Here's an example of a set of rules for a user to alter the "Tokens" field:

{
  "rules": {
    "Tokens": {
      "$uid": {
        ".read": true,
        ".write": "auth.uid === $uid"
      }
    }
  }
}

JavaScript code sample:

var email = "XXX@XXX.XXX"; // The user that you authenticated in Firebase
var password = "XXXXXXXXXXX"; // Password of that user
var uidValue = "XXXXXXXXX"; // UID of that user; the rule compares it with auth.uid
const auth = firebase.auth();
// Sign in
const promise = auth.signInWithEmailAndPassword(email, password);
promise.catch(e => console.log(e.message));

// Add a realtime authentication listener
firebase.auth().onAuthStateChanged(firebaseUser => {
    if (firebaseUser) {
        const rootRef = firebase.database().ref();
        const usersRef = rootRef.child('Tokens');
        const uid = uidValue;
        const daveRef = usersRef.child(uid);
        // Write the new value, then sign out only after the write has finished
        daveRef.set({
            id: 232 // New ID
        })
            .then(() => firebase.auth().signOut())
            .catch(e => console.log(e.message));
    }
    else {
        console.log("not logged in");
    }
});

And finally, the Firebase Realtime Database has the following fields:

"Tokens": {
  "[UID value (e.g: 123XXX)]": {
    "id": "164"
  }
}
Sinan Noureddine
  • Looking at the JavaScript code, I can see how this would work if you wish to enable specific users to modify only certain areas of Firebase. In my case, I'll be the only user with write permission to the entire database, therefore I won't need .child. I tried to replace it with const rootRef = firebase.database().ref("MyTable"); How do I then pass uid to daveRef since it is not a child? – Butri Dec 10 '20 at 14:46
  • Thanks. I actually had exactly that in my rules but was struggling to point to the right branch in the JS code. I've managed to solve it by just using const rootRef = firebase.database().ref("MyTable") and ignoring whatever was after, which didn't suit my case. I just need to create and update a record at the root of that specific table, nothing more. Cheers – Butri Dec 10 '20 at 15:44
  • @Butri, Do the same steps for authenticating a user. For the rules, you need to add rules to write all the database and not specific tables. The rules should look like this: "rules": { ".read": true, ".write": "auth.uid === $uid" } This gives the authenticated user access to write all the database – Sinan Noureddine Dec 10 '20 at 15:44
  • @Butri, is it working now? I'd be glad to help – Sinan Noureddine Dec 10 '20 at 15:47
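
Added example, not part of the original thread and not Firebase's own code: a simplified JavaScript model of how ".write" rules are resolved along a path, run against the question's open rules, the answer's per-user "Tokens" rules, and a root-level rule that lets a single admin UID write the whole database. The names evalCondition and canWrite, the placeholder UID 'ADMIN_UID' and the sample identities are assumptions made for this illustration, and the model only understands the condition forms used on this page.

```javascript
// Simplified model of how ".write" rules are evaluated (not Firebase's engine).
// Supported conditions: true | false | auth.uid === $var | auth.uid === 'literal'
function evalCondition(cond, auth, vars) {
  if (typeof cond === "boolean") return cond;
  const m = /^auth\.uid\s*===\s*(\$\w+|'[^']*')$/.exec(String(cond).trim());
  if (!m) throw new Error("unsupported condition: " + cond);
  if (auth === null) return false; // signed-out client: auth is null
  const rhs = m[1].startsWith("$") ? vars[m[1]] : m[1].slice(1, -1);
  return rhs !== undefined && auth.uid === rhs;
}

// Walk from the root to the target path. The first ".write" that evaluates to
// true grants the write; a deeper rule cannot revoke it, and no match means deny.
function canWrite(ruleSet, path, auth) {
  let node = ruleSet.rules;
  const vars = {};
  const segments = path.split("/").filter(Boolean);
  for (let i = 0; node && typeof node === "object"; i++) {
    if (".write" in node && evalCondition(node[".write"], auth, vars)) return true;
    if (i === segments.length) return false;
    const seg = segments[i];
    if (Object.prototype.hasOwnProperty.call(node, seg)) {
      node = node[seg];
    } else {
      const wild = Object.keys(node).find((k) => k.startsWith("$"));
      if (wild) vars[wild] = seg; // bind e.g. $uid to the path segment
      node = wild ? node[wild] : null;
    }
  }
  return false;
}

// Rule sets: the question's open rules, the answer's per-user rules, and a
// root-level single-admin rule (ADMIN_UID is a constructed placeholder).
const openRules = { rules: { ".read": true, ".write": true } };
const tokenRules = {
  rules: { Tokens: { $uid: { ".read": true, ".write": "auth.uid === $uid" } } },
};
const adminRules = { rules: { ".read": true, ".write": "auth.uid === 'ADMIN_UID'" } };

const admin = { uid: "ADMIN_UID" }; // constructed sample identities
const reader = { uid: "reader-1" };
console.log(canWrite(openRules, "Tokens/ADMIN_UID", null));   // open rules, signed out
console.log(canWrite(tokenRules, "Tokens/ADMIN_UID", admin)); // own node
console.log(canWrite(tokenRules, "Tokens/ADMIN_UID", reader));
console.log(canWrite(adminRules, "MyTable/item1", admin));    // admin, whole database
console.log(canWrite(adminRules, "MyTable/item1", reader));
console.log(canWrite(adminRules, "MyTable/item1", null));
```

The decision depends only on the signed-in user's UID, never on which app sent the request, which is the point made in the comments on the question.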