Friday, 1 March 2019

Firebase Storage Rules with Custom Claims

I am unable to get Firebase Storage work with custom rules and using custom claims.

In my Python Admin panel, I do the following to create the user and assign a claim client_id:

# Standard Auth
import firebase_admin
from firebase_admin import db, storage, auth
cred   = firebase_admin.credentials.Certificate('path_to_cert_json')
app    = firebase_admin.initialize_app(cred, 'config')
bucket = storage.bucket(app=app)

# Create User
auth.create_user(email=email) 

# Create custom claims
auth.set_custom_user_claims(uid, {'client_id': client_id})

Then for Firebase rules, I try to allow the user to only read (or download) files when the file is in a subfolder with the client_id:

File structure on storage:

/{environment}/{client_id}/other_folders_and_files

I set the following storage rules:

service firebase.storage {
  match /b/{bucket}/o {
    match /{environment}/{client_id}/{allPaths=**} {
      allow read: if request.auth.token.client_id == client_id
    }
  }
}

But that gives me an error that Permission is denied.

What am I doing wrong?

Note:

  • client_id is correct and the folder structure is correct, have checked this a million times.


from Firebase Storage Rules with Custom Claims

No comments:

Post a Comment