Data Structure:
root:
lists:
$list:
pass: "VALU"
Rules Structure:
"rules": {
"lists": {
"$list": {
".read": "auth.token.name === data.child('pass').val()"
}
}
}
Javascript:
firebase.auth().signInAnonymously();
firebase.auth().currentUser.updateProfile({
displayName: "VALU"
});
firebase.database().ref("lists/{$SomeList}").once('value').then([...]);
// Throws error: permission denied
I'm very confused as to why the permission is denied. I made sure that the values for the displayName
and the pass
were the same, so I'm not sure as to why the comparison is returning false..
UPDATE: It seems that the auth
variable in the security rules is not refreshing when the displayName
is changed, any ideas on how to fix this?
Force token refresh on the user after updateProfile:
firebase.auth().currentUser.getToken(true)
The idToken will be updated afterwards.