Access Firebase with secrets rules by android studio
I have a firebase which is configured secrets database (read == false and write == false). When I use ESP8266 and create app by appinventor, It just need Firebase URL and Secrets key (I get it in database secrets) to read and write data. But when I create app by android studio by myself, I must change the rules (read == true and write == true) to access data. Can you help me access the firebase with rules (read == false and write == false) by android studio?
android firebase firebase-realtime-database edited Nov 16 '18 at 14:50
Frank van Puffelen
242k29387414
asked Nov 16 '18 at 2:22
Phuoc HuuPhuoc Huu
1
add a comment |
I have a firebase which is configured secrets database (read == false and write == false). When I use ESP8266 and create app by appinventor, It just need Firebase URL and Secrets key (I get it in database secrets) to read and write data. But when I create app by android studio by myself, I must change the rules (read == true and write == true) to access data. Can you help me access the firebase with rules (read == false and write == false) by android studio?
android firebase firebase-realtime-database edited Nov 16 '18 at 14:50
Frank van Puffelen
242k29387414
asked Nov 16 '18 at 2:22
Phuoc HuuPhuoc Huu
1
add a comment |
I have a firebase which is configured secrets database (read == false and write == false). When I use ESP8266 and create app by appinventor, It just need Firebase URL and Secrets key (I get it in database secrets) to read and write data. But when I create app by android studio by myself, I must change the rules (read == true and write == true) to access data. Can you help me access the firebase with rules (read == false and write == false) by android studio?
android firebase firebase-realtime-database edited Nov 16 '18 at 14:50
Frank van Puffelen
242k29387414
asked Nov 16 '18 at 2:22
Phuoc HuuPhuoc Huu
1
I have a firebase which is configured secrets database (read == false and write == false). When I use ESP8266 and create app by appinventor, It just need Firebase URL and Secrets key (I get it in database secrets) to read and write data. But when I create app by android studio by myself, I must change the rules (read == true and write == true) to access data. Can you help me access the firebase with rules (read == false and write == false) by android studio?
android firebase firebase-realtime-database android firebase firebase-realtime-database edited Nov 16 '18 at 14:50
Frank van Puffelen
242k29387414
asked Nov 16 '18 at 2:22
Phuoc HuuPhuoc Huu
1
edited Nov 16 '18 at 14:50
Frank van Puffelen
242k29387414
asked Nov 16 '18 at 2:22
Phuoc HuuPhuoc Huu
1
edited Nov 16 '18 at 14:50
Frank van Puffelen
242k29387414
edited Nov 16 '18 at 14:50
Frank van Puffelen
242k29387414
edited Nov 16 '18 at 14:50
Frank van Puffelen
242k29387414
242k29387414
asked Nov 16 '18 at 2:22
Phuoc HuuPhuoc Huu
1
asked Nov 16 '18 at 2:22
Phuoc HuuPhuoc Huu
1
asked Nov 16 '18 at 2:22
Phuoc HuuPhuoc Huu
1
1
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
The Firebase SDK for Android does not have a way to initialize the client with a classic database secret. This is because that approach would give the Android app administrative access to your entire Firebase project, which allows the users of the app to do whatever they want. This is an anti-pattern, since the vast majority of Android apps are built to distribute to users of your app whose access should be controlled through security rules.
So the common solution would be to use Firebase Authentication in your app, and then write your security rules to control the data that the identified users can access. Even if you only use anonymous authentication (which doesn't require your users to sign in), you can already secure your app through these rules better than without authentication.
There is an Admin SDK for Firebase, which grants the users administrative access to the Firebase project (similar to what the secret key does for you now). But that SDK is not available for use in Android apps, to prevent it from being used to accidentally open up your project to regular users. Instead the Admin SDK is available to run on trusted environments, such as your development machine, a server you control, or Cloud Functions.
What you could do is use the Admin SDK on such an environment, and then expose controlled end points (i.e. your own API) to your Android app. A simple example f that would be through callable Cloud Functions. But there too, you will have to ensure that you secure access to that custom API, so that you don't accidentally expose more data than you should.
answered Nov 16 '18 at 14:56
Frank van PuffelenFrank van Puffelen
242k29387414
Thanks for your reply! But I need to create an app to connect to firebase for users owner their firebase. So if I use admin SDK, one app will be control 1 firebase database for 1 hour, it is not flexible.
– Phuoc Huu
Nov 17 '18 at 15:57
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53330550%2faccess-firebase-with-secrets-rules-by-android-studio%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
The Firebase SDK for Android does not have a way to initialize the client with a classic database secret. This is because that approach would give the Android app administrative access to your entire Firebase project, which allows the users of the app to do whatever they want. This is an anti-pattern, since the vast majority of Android apps are built to distribute to users of your app whose access should be controlled through security rules.
So the common solution would be to use Firebase Authentication in your app, and then write your security rules to control the data that the identified users can access. Even if you only use anonymous authentication (which doesn't require your users to sign in), you can already secure your app through these rules better than without authentication.
There is an Admin SDK for Firebase, which grants the users administrative access to the Firebase project (similar to what the secret key does for you now). But that SDK is not available for use in Android apps, to prevent it from being used to accidentally open up your project to regular users. Instead the Admin SDK is available to run on trusted environments, such as your development machine, a server you control, or Cloud Functions.
What you could do is use the Admin SDK on such an environment, and then expose controlled end points (i.e. your own API) to your Android app. A simple example f that would be through callable Cloud Functions. But there too, you will have to ensure that you secure access to that custom API, so that you don't accidentally expose more data than you should.
answered Nov 16 '18 at 14:56
Frank van PuffelenFrank van Puffelen
242k29387414
Thanks for your reply! But I need to create an app to connect to firebase for users owner their firebase. So if I use admin SDK, one app will be control 1 firebase database for 1 hour, it is not flexible.
– Phuoc Huu
Nov 17 '18 at 15:57
add a comment |
The Firebase SDK for Android does not have a way to initialize the client with a classic database secret. This is because that approach would give the Android app administrative access to your entire Firebase project, which allows the users of the app to do whatever they want. This is an anti-pattern, since the vast majority of Android apps are built to distribute to users of your app whose access should be controlled through security rules.
So the common solution would be to use Firebase Authentication in your app, and then write your security rules to control the data that the identified users can access. Even if you only use anonymous authentication (which doesn't require your users to sign in), you can already secure your app through these rules better than without authentication.
There is an Admin SDK for Firebase, which grants the users administrative access to the Firebase project (similar to what the secret key does for you now). But that SDK is not available for use in Android apps, to prevent it from being used to accidentally open up your project to regular users. Instead the Admin SDK is available to run on trusted environments, such as your development machine, a server you control, or Cloud Functions.
What you could do is use the Admin SDK on such an environment, and then expose controlled end points (i.e. your own API) to your Android app. A simple example f that would be through callable Cloud Functions. But there too, you will have to ensure that you secure access to that custom API, so that you don't accidentally expose more data than you should.
answered Nov 16 '18 at 14:56
Frank van PuffelenFrank van Puffelen
242k29387414
Thanks for your reply! But I need to create an app to connect to firebase for users owner their firebase. So if I use admin SDK, one app will be control 1 firebase database for 1 hour, it is not flexible.
– Phuoc Huu
Nov 17 '18 at 15:57
add a comment |
The Firebase SDK for Android does not have a way to initialize the client with a classic database secret. This is because that approach would give the Android app administrative access to your entire Firebase project, which allows the users of the app to do whatever they want. This is an anti-pattern, since the vast majority of Android apps are built to distribute to users of your app whose access should be controlled through security rules.
So the common solution would be to use Firebase Authentication in your app, and then write your security rules to control the data that the identified users can access. Even if you only use anonymous authentication (which doesn't require your users to sign in), you can already secure your app through these rules better than without authentication.
There is an Admin SDK for Firebase, which grants the users administrative access to the Firebase project (similar to what the secret key does for you now). But that SDK is not available for use in Android apps, to prevent it from being used to accidentally open up your project to regular users. Instead the Admin SDK is available to run on trusted environments, such as your development machine, a server you control, or Cloud Functions.
What you could do is use the Admin SDK on such an environment, and then expose controlled end points (i.e. your own API) to your Android app. A simple example f that would be through callable Cloud Functions. But there too, you will have to ensure that you secure access to that custom API, so that you don't accidentally expose more data than you should.
answered Nov 16 '18 at 14:56
Frank van PuffelenFrank van Puffelen
242k29387414
The Firebase SDK for Android does not have a way to initialize the client with a classic database secret. This is because that approach would give the Android app administrative access to your entire Firebase project, which allows the users of the app to do whatever they want. This is an anti-pattern, since the vast majority of Android apps are built to distribute to users of your app whose access should be controlled through security rules.
So the common solution would be to use Firebase Authentication in your app, and then write your security rules to control the data that the identified users can access. Even if you only use anonymous authentication (which doesn't require your users to sign in), you can already secure your app through these rules better than without authentication.
There is an Admin SDK for Firebase, which grants the users administrative access to the Firebase project (similar to what the secret key does for you now). But that SDK is not available for use in Android apps, to prevent it from being used to accidentally open up your project to regular users. Instead the Admin SDK is available to run on trusted environments, such as your development machine, a server you control, or Cloud Functions.
What you could do is use the Admin SDK on such an environment, and then expose controlled end points (i.e. your own API) to your Android app. A simple example f that would be through callable Cloud Functions. But there too, you will have to ensure that you secure access to that custom API, so that you don't accidentally expose more data than you should.
answered Nov 16 '18 at 14:56
Frank van PuffelenFrank van Puffelen
242k29387414
answered Nov 16 '18 at 14:56
Frank van PuffelenFrank van Puffelen
242k29387414
answered Nov 16 '18 at 14:56
Frank van PuffelenFrank van Puffelen
242k29387414
answered Nov 16 '18 at 14:56
Frank van PuffelenFrank van Puffelen
242k29387414
242k29387414
Thanks for your reply! But I need to create an app to connect to firebase for users owner their firebase. So if I use admin SDK, one app will be control 1 firebase database for 1 hour, it is not flexible.
– Phuoc Huu
Nov 17 '18 at 15:57
add a comment |
Thanks for your reply! But I need to create an app to connect to firebase for users owner their firebase. So if I use admin SDK, one app will be control 1 firebase database for 1 hour, it is not flexible.
– Phuoc Huu
Nov 17 '18 at 15:57
Thanks for your reply! But I need to create an app to connect to firebase for users owner their firebase. So if I use admin SDK, one app will be control 1 firebase database for 1 hour, it is not flexible.
– Phuoc Huu
Nov 17 '18 at 15:57
Thanks for your reply! But I need to create an app to connect to firebase for users owner their firebase. So if I use admin SDK, one app will be control 1 firebase database for 1 hour, it is not flexible.
– Phuoc Huu
Nov 17 '18 at 15:57
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53330550%2faccess-firebase-with-secrets-rules-by-android-studio%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
