FirebaseDB authentication and Secured connection

Hello !
I read a lot of "howtodo" to secure the access to my firebase and specialy this very instructive one :

FirebaseDB secured connection?

But, despite all the setting i've done, the access to my databse is still open whithout Sign In
What i did :
I've created a simple firedatabase, set authentication by email/Password, set the rules first to True (develop step), and then to
"rules": {
".read": "auth != null",
".write": "auth != null"
From app inventor side, i've add Firebase component, firebaseauth extension
for each component Url & Token & ProjectBuket are filled correctly.
Regarding firebaseauth :
Two buttons : Sign Up & Sign In
ex for Sign IN
Regarding firebase Data acess
One text to get a Tag and one button to get the value return from tag
My Problem :
Test are OK, when i sign up a new user is created in Google Authentication User, when i sign In i got information & localID of the user (so the check process is ok)
But the access for getting the value is complitly disconnected to the sign In check
It means that i can get the value by clicking the button BtnAccBase even if i don't Sign In and even if the rules and now to "auth != null"

I don't see what is wrong ?
Anybody can help me ? :grinning:

Try setting rules like this and see if it works for you


"rules": {
".read": true,
".write": true

1 Like

Hi Dora,

Whatever the rules i put on the console (true,true or auth != nul,auth != nul) when i click the button to access the data in App, i get the correct data corresponding to the tag value.

The same for the Sign In process, i got the correct information (email & localId)
Some precisions:
Setting are on line with Firebase

It's run exactly like if firebase realtimedatabase don't mind of the rules we fill ?!

You might want to do a bit more reading, and consider moving away from an extension and using the web component....

see also here for a method to handle email verification, which can be used as a check before giving a user access to the database

1 Like

Yes, of course, before to ask help i always read other post and documentation but read do not mean understand ervery thing & perfectly ...

The problem is i've written all my app with the FirebaseExtension and i use a lot of different database in different way, so i would prefere a solution to avoid to rewrite all.

Thks, I will download & test this way.

But there is something that i still don't understand, if you use the firebase extension, and fill with the correct values the FirebaseToken, the FirebaseUrl and The project Bucket you have access to the data whatever the rules you put on the google console, is it normal ?

The rules you were using provided all (and only) authenticated users access to all the data.

If you want to further restrict an authenticated users access you will need to use different rules