0

Having a problem reading a doc from a Cloud Firestore collection. The issue is I get an exception of ErrorType: PermissionDenied and this message "Missing or insufficient permissions."

nugets: FirebaseAuthentication.net(3.6.0) Plugin.CloudFirestore(4.1.0)

public async Task<IDocumentSnapshot> GetUserAndPopulate()
    {
        var doc = await CrossCloudFirestore.Current
                         .Instance
                         .Collection("users")
                         .Document(AccountManager.CurrentUserId)
                         .GetAsync();
        return doc;
    }

the CurrentUserId is populated after sign and is correct. Each document in the users collection has a document ID of the userID in Cloud Firestore.

Below are the security rules for read and write access to the documents in users collection.

rules_version = '2';
service cloud.firestore {
    match /databases/{database}/documents {
        match /users/{user_id}{
            allow read, write: if request.auth != null && request.auth.uid == user_id;
        }
    }
}

I know that the request is being seen as not authenticated but I really don't know why?

Any Advice would be greatly appreciated.

Thanks!

AspiringApollo
  • 43
  • 7
  • What value does `AccountManager.CurrentUserId` return? – Frank van Puffelen Apr 11 '21 at 19:18
  • it returns the Correct user ID that's created when the user signs up. This id is also the ID of the document that I'd like to get. This is part of the authenticated users id in firebase authentication (not all of it for security reasons) 0VU0yjh7JwM9............. as a string – AspiringApollo Apr 11 '21 at 19:20
  • UIDs are not a security mechanism. See https://stackoverflow.com/questions/37221760/firebase-is-auth-uid-a-shared-secret That said, I'm not sure what's goign wrong here. Hopefully somebody else spots it. – Frank van Puffelen Apr 11 '21 at 19:32
  • I see, trouble is I'd like to keep the above security rule but I don't know how to actually implement the request to make sure the request.auth is not null. Thanks for taking the time to look though Frank – AspiringApollo Apr 11 '21 at 19:37

0 Answers0