Firebase with Web Component

D_M · September 25, 2025, 4:59am

Hi @TIMAI2 I tested all the various elements that are available through the REST API in your "Firebase Demo: No Security with Web Component" guide.
All work well! Great!
Now I'm trying to add rules for anonymous signin (read and write) and I refear to your guide "Firebase Demo: Anonymous SignIn with Web Component"
For now I would like to test rules when I click a SAVE button (write rule).
For the moment I do not neet an "error" notifier.
Unfortunately when I click on SAVE button, values are not stored in RealTime DB (storing well works without rules!)
I attach Firebase settings and MIT blocks.
Could you help me, please?

D_M · September 25, 2025, 5:00am

The blocks

TIMAI2 · September 25, 2025, 7:30am

Go back and read the blocks in the guide, you have left out some important parts - error check for refresh token, and setting data, both in the Web1.GotText event.

There is the example aia project there in the guide, for you to use, to get started with!

D_M · September 25, 2025, 8:37am

I used yor example @TIMAI2 .
I put my http address and API.
Attached the error message

TIMAI2 · September 25, 2025, 10:20am

Demo aia works fine for me here.

Did you sign in and get the signed in notifier?

Have you set your rules for the correct project bucket?

D_M · September 25, 2025, 10:34am

Hi @TIMAI2
My rules are

{
"rules": {
"demoANON": {
"$uid": {
".read": "$uid === auth.uid && auth.token.firebase.sign_in_provider === 'anonymous'",
".write": "$uid === auth.uid && auth.token.firebase.sign_in_provider === 'anonymous'"
}
}
}
}

The first think I do when the app oppens (in companion) is to click on signin button. in that moment I receive the error message

TIMAI2 · September 25, 2025, 11:40am

Have you correctly set Anonymous in Authentication ?

D_M · September 25, 2025, 12:00pm

Yes.

TIMAI2 · September 25, 2025, 12:20pm

That is the wrong page, you want Metodo di accesso

You should also reset your tinydb values, so that they all start empty.

D_M · September 25, 2025, 12:35pm

@TIMAI2 you are a genius!
The problem was related to the tinyDB. It was not empty but with a "not found " value.
I setted this to empty and now your app works correctly. Thank you!!!

But now I have to test my app...

D_M · September 26, 2025, 7:24am

Hi @TIMAI2 I'm close to a solution, but I'm still noticing strange behavior in my app. The situation is this:

FIREBASE

Anonymous access method
The rule allows both writing and reading in "cartella-eventi"

APP

I normally receive the token upon sign-in. I'm certain of this because I see the TinyDB content in a label.
My intention is to save the contents of "PUT TEXT" in a subtag of "cartella-eventi". I write the subtag name in the "TextBox_scrivi_tag" label.

the blocks look like this.

PROBLEM

using the blocks as shown in the photo, I get the "access denied" error message.
if I remove the subtag from the blocks to save the data directly to the "cartella-eventi," the data is saved, but in an automatically created subtag (YQL1x...).

7 - problema

What do you think I'm forgetting?
Thank you very much for your help

TIMAI2 · September 26, 2025, 8:04am

Your path in Web1.Url looks incorrect, based upon what you show in your console outputs

D_M · September 26, 2025, 8:28am

The only change I make is the elimination of 2 blocks here in orange...

What is incorrect?

D_M · September 26, 2025, 9:19am

@TIMAI2 it seems I need to authorize with another rule the node "Textbox_scrivi_tag" under the node "cartella-eventi"???
How?
In my knowledge a role applied to a node, applies to all sub-nodes.... is it true?

TIMAI2 · September 26, 2025, 10:00am

Why do that? No-one other than the anonymous user who created can read anything under that node, so it is not needed.

From what you show from the firebase console your path is (assuming cartelli-eventi is the set projectBucket):

firebaseUrl/cartelli-eventi/uid/INFO_LIBRE.json&auth=...

with the PUTText of:

{"valore1":"yourValue"}

D_M · September 26, 2025, 10:33am

CLARIFICATION REQUEST
User 1: He creates an event in which some information is paid for

User 2: He pays to access the information from User 1's event

If with anonymous authentication, only the person who creates the data (User 1) has access to it, how can User 2 access the information created by User 1?

Are you telling me I can't protect the data for my app?
Sorry, but this is confusing because I thought ALL anonymously authenticated users could access data created by other users and placed in the buckets authorized by the rules...

How can I set "cartella-eventi" as projectBucket?

No... Path in console is
-URL
---cartella-eventi
--------ID for events 1
---------------INFO for events 1
--------ID for events 2
---------------INFO for events 2
....

Put text is

INFO_LIBERE
------valore 1
------valore 2
------valore 3
INFO_SEGRETE
------valore 4
------valore 5

TIMAI2 · September 26, 2025, 10:37am

I beg to differ (your image where you show a uid for an anonymous user):

If you want authenticated anonymous users to read other authenticated anonymous user data, then you would need to change your rules. I was quite clear about the rules i set in the guide.

We are veering off topic again, if you want help with how to use Firebase, I have provided links to the documentation, and there is always StackOverflow which is the default question asking platform for Firebase.

D_M · September 26, 2025, 10:55am

Ok @TIMAI2, I do not agree that I'm offtopic, but I respect you... so my last question where do you explain how do this?

TIMAI2 · September 26, 2025, 10:56am

I do not show such rules, specifically. You could look here for ideas:

or in the Firebase documentation or on StackOverflow

e.g.:

D_M · September 26, 2025, 10:58am

Thak you Tim!