Remember the database rules we changed? We made it so anyone can read and write data without checking
authentication.
Let’s change it back to the default rules, which means that users need to be authenticated to read and write data.
These rules are enforced by the Firebase servers. So there is no way for our users to bypass the rules that we set.
.write     Describes whether data can be written by the user.
.validate  Defines what a correctly formatted value looks like, whether it has child nodes, and the data type.
https://classroom.udacity.com/courses/ud0352/lessons/daa58d76-0146-4c52-b5d8-45e32a3dfb08/concepts/b1d107aa-5a83-4cd4-b1… 1/2
23/12/2017 Firebase in a Weekend (Android) - Udacity
Firebase Database Security includes a set of predefined variables that enable you to customize data accessibility.
Below is a list of predefined variables and a link to each API reference.
root        Corresponds to the current data at the root of the database. You can use this to read any data in your database in your rule expressions.
newData     Corresponds to the data that will result if the write is allowed.
data        Corresponds to the current data in Firebase Realtime Database at the location of the currently executing rule.
$variables  A wildcard path used to represent ids and dynamic child keys.
auth        Contains the token payload if a user is authenticated, or null if the user isn't authenticated.
We will expand on the auth variable because we will use it in database security examples.

Auth
The auth variable contains the JSON web token for the user. A JSON Web Token is a standard that defines a way of securely transmitting information between parties, like the database and a client, as a JSON object. Once a user is authenticated, this token contains the provider, the uid, and the Firebase Auth ID token.
The provider is the method of authentication, such as email/password, Google Sign In, or Facebook Login.
The uid is a unique user ID. This ID is guaranteed to be unique across all providers, so a user that authenticates with Google and a user that authenticates with email/password do not risk having the same identification.
The Firebase Auth ID is a web token. Yes, this means that there is a web token inside of the Auth web token! This token can contain the following data:
Data                       Description
email_verified             A boolean that is true if the user has verified they have access to the email address. Some providers automatically verify email addresses. You can customize authentication to include email verification for email/password on iOS.
firebase.identities        Dictionary of all the identities that are associated with this user's account.
firebase.sign_in_provider  The sign-in provider used to obtain this Firebase Auth ID token.
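
The rule types and predefined variables above, combined in one rules file. This is an added example, not part of the original course page; the paths users, messages and admins and the message fields text and uid are assumptions chosen for illustration.

```json
{
  "rules": {
    // Open rules the page moves away from (anyone can read and write):
    //   ".read": true, ".write": true
    // Default rules the page restores (any signed-in user):
    //   ".read": "auth != null", ".write": "auth != null"
    // The per-path rules below are narrower. A .read or .write grant on a
    // parent node cannot be revoked by a child, so none is set at the root.
    // No rule grants access to /admins (assumed list of admin uids), so
    // clients can neither read nor change it; rules can still consult it.
    "users": {
      "$uid": {
        // $uid is a wildcard key; only the matching signed-in user gets access.
        ".read": "auth != null && auth.uid === $uid",
        ".write": "auth != null && auth.uid === $uid"
      }
    },
    "messages": {
      ".read": "auth != null",
      "$messageId": {
        // data is the current value, newData the value after the write.
        // Users with a verified email may create a message; only admins
        // (looked up via root) may overwrite or delete an existing one.
        ".write": "auth != null && ((!data.exists() && auth.token.email_verified === true) || root.child('admins').child(auth.uid).val() === true)",
        // .validate is skipped on deletes; on any other write it requires
        // the uid field to match the caller and bounds the text length.
        ".validate": "newData.hasChildren(['text', 'uid']) && newData.child('uid').val() === auth.uid && newData.child('text').isString() && newData.child('text').val().length <= 500"
      }
    }
  }
}
```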