Hi all,
I'm using a custom authentication mechanism with API calls. Everything works ok with that. However I would like to retrieve some data from Firestore Database. The rules I have for the specific Firestore Collection is to read only if the user is authenticated as shown:
match /MYCOLLECTION/{document} {
allow create: if false;
allow read: if request.auth != null;
allow write: if request.auth != null;
allow delete: if false;
}
However I keep getting the following error:
10.22.0 - [FirebaseFirestore][I-FST000001] Listen for query at XXXX failed: Missing or insufficient permissions.
flutter: Error querying CollectionReference<Map<String, dynamic>>(XXXXX): [cloud_firestore/permission-denied] The caller does not have permission to execute the specified operation.
I assume since I am using a custom authentication mechanism it does not play well with the expected 'request.auth' rule in Firestore. How can I do this securely ?
Note that if i update the read rule to allow read: if true; everything works fine, however this is also publicly accessible, which is something i do not want to have.
Thank you!