0

I'm trying to update records in Firebase Realtime database using React Native via API.

During development I had Read/Write rules opened to everyone and used to update specific items using the following code

const response = await fetch(
        `https://mydatabase.firebaseio.com/myTable/recordID/basic.json`,
        {
          method: "PATCH",
          headers: {
            "Content-Type": "application/json",
          },
          body: JSON.stringify({
            field1: newValue1,
            field2: newValue2,
            field3: newValue3,
          }),
        }
      );

Now I have restricted the "write" rule to a specific user that I have created. Basically only this user (the admin) can write into firebase

".write": "auth.uid === <User UID>"

I've been trying to pass the authenticated user details at the end of the json like this

https://mydatabase.firebaseio.com/myTable/recordID/basic.json?auth.uid === <User UID>

but it doesn't seem to work.

The documentation shows options to add ID Token or Google OAuth2.

Any suggestion would be very much appreciated

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
Butri
  • 339
  • 8
  • 22
  • Hi Frank, apologies for the delay! I aborted the API method and went for a different approach which I used in the past. Logged in first using firebase.auth().signInWithEmailAndPassword(email, password) then did the usual firebase.database().ref("...").update. – Butri Jan 11 '21 at 13:03

1 Answers1

2

A user's UID is not enough to authenticate them with, as that would be a huge security risk. UIDs are instead user identifiers that you can share to identify a user. For more on this see: Firebase - Is auth.uid a shared secret?

You'll need to pass in the ID token of the user to authenticate them, which you can get from using the JavaScript SDK, or from the REST API.

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807