Add custom claim to id token

teacherman · January 31, 2022, 4:55pm

perfect!! that's all I wanted to know!! now I can do what you have just said!

teacherman · January 31, 2022, 7:10pm

I have one more thing......doing all that reading came to this... Retrieve ID tokens on clients

When a user or device successfully signs in, Firebase creates a corresponding ID token that uniquely identifies them and grants them access to several resources, such as Firebase Realtime Database and Cloud Storage. You can "re-use" that ID token to identify the user or device on your custom backend server. To retrieve the ID token from the client, make sure the user is signed in and then get the ID token from the signed-in user........How do I send the auth id token to storage so it can grant me access to the files as an auth user?

ive read all the guide but it did not help with my issue.....How do I tell storage that the user trying to access the files is authenticated already? because it acts as if the user wasn't since it won't let access to files with the security rule " if reques.auth"

teacherman · January 31, 2022, 7:34pm

this guy was having the same issue as me......however he was not using app inventor.....

TIMAI2 · January 31, 2022, 8:12pm

Your answer should be here:

Either use the authenticated user's idToken to allow access to a file, or provide them with the downloadToken for the file, based upon your criteria of whether they should have access (e.g. have they paid?) You should be able to do all this in the app with blocks.

teacherman · January 31, 2022, 9:04pm

I did exactly how you explain in the guide......through the google.apis link using my own info directly to the set image picture to: google.apis bla bla bla...... i dont want the world readable code so I decided to go for the "secure bubble" and it sends me back an error....error 1109 the specified url is not valid...

TIMAI2 · January 31, 2022, 11:16pm

You must have something wrong in the blocks, it is working OK for me here.

Just checking, you have set up the secure rules for storage ?

teacherman · January 31, 2022, 11:39pm

I will check my blocks.......I definitely have something wrong in my blocks.....I will send pictures as soon as I'm done working for the day...

teacherman · January 31, 2022, 11:51pm

I got the blocks mixed up.......the top picture in the guide is for world readable......the bottom pic is for auth.....sorry!!! my bad!!

teacherman · February 1, 2022, 4:12am

great! Now I don't get the error message, however I do not get the picture to show......I tried a text box to check on the result I get with 'whenweb1 got file send file name to text box and I get something like : /storage/emulated/0/android/data... etc... What would be the next step after the get procedure?

teacherman · February 1, 2022, 4:24am

I have just read this does not work for video......so I have to go all the way back with my project.......I was just thinking about giving access through creating a tag in the Realtime database called...paid/unpaid on each user ..... and from there.....send a connection from the end user to the tag to check if permission should be denied or allowed......what's your opinion?
how safe is this?

TIMAI2 · February 1, 2022, 9:16am

You can store video files on Firebase Storage
You can download video files from Firebase Storage
You can stream (with a bit of work) video files from Firebase Storage

Access Method:

User pays for access to certain content
Filenames/downloadTokens updated in user's list

teacherman · February 1, 2022, 2:35pm

There is no video for the secure version, it would be exactly the same as the non secure one!

is this only for deleting purposes? I did not understand that part....is this for all the processes or just the deleting process?

TIMAI2 · February 1, 2022, 2:41pm

I do not understand any of what you have said ?

teacherman · February 1, 2022, 2:43pm

in the guide.... under the delete process , you wrote:

'There is no video for the secure version, it would be exactly the same as the non secure one!

but I am not sure if you mean this for all the processes such as download or just the delete file process?

TIMAI2 · February 1, 2022, 2:45pm

Ah sorry, if you had read the previous page for "no rules", you would have seen a video provided to demonstrate the process. I didn't make a video for secure rules because it would have looked exactly the same.

teacherman · February 1, 2022, 3:04pm

got ya!!! thanks a lot mate! you are being sooooo helpful!

teacherman · February 1, 2022, 5:22pm

This could also be another solution since the download process using firebase storage 'downloads the file' to the users phone....which I don't like........ I would rather have all of my content to be online access only......just like google drive........I was thinking about making the app user sign in with google account so he can access google drive through the app and then handle the permissions with the 'google share option' which I find easier to handle.

what's your opinion?

TIMAI2 · February 1, 2022, 6:36pm

This is not the solution for that, but I will have a think about how it can work.

TIMAI2 · February 1, 2022, 11:09pm

OK, I have weighed up the pros and cons of both methods, and for what i know of what you want to do, Firebase Storage comes out on top over my GD Connector approach.

However you might want to consider this extension as an alternative:

teacherman · February 2, 2022, 3:20am

thanks a lot!