Firebase authenticate as admin

firebase firebase-security

Patrick DeVivo · Jul 12, 2013 · Viewed 19.8k times · Source

Is there a way I can authenticate with Firebase as an administrator of a firebase for full read/write access to it (already has security rules protecting parts of it), or will I have to write a security rule that somehow allows me access to the full firebase, for example by providing a certain password/key.

Is there a standard or suggested way of doing this?

Answer

Andrew's answer will only work if you're authenticating outside your client-side code (otherwise you shouldn't be using your MY_SECRET obviously). Since many people, like myself, use Firebase to avoid server code, here's an alternate answer.

In most firebase apps you probably have a "Users" object in addition to your simple login "auth" object (which only stores email and password). You can add an "isAdmin" or "isModerator" (or whatever you want) to each $user in the "Users" object.

And then your rules would look like this (assuming your auth.id matches your $user key):

{
  "rules": {
    "someObject": {
      ".write": "root.child('Users').child(auth.uid).child('isAdmin').val() == true"
    }
  }
}

Firebase authenticate as admin

Answer

Related questions