Firebase read permission denied when using auth security rules

251 Views Asked by At

Data Structure:

root:
  lists:
    $list:
      pass: "VALU"

Rules Structure:

"rules": {
  "lists": {
    "$list": {
      ".read": "auth.token.name === data.child('pass').val()"
    }
  }
}

Javascript:

firebase.auth().signInAnonymously();

firebase.auth().currentUser.updateProfile({
    displayName: "VALU"
});

firebase.database().ref("lists/{$SomeList}").once('value').then([...]);
  // Throws error: permission denied

I'm very confused as to why the permission is denied. I made sure that the values for the displayName and the pass were the same, so I'm not sure as to why the comparison is returning false..

UPDATE: It seems that the auth variable in the security rules is not refreshing when the displayName is changed, any ideas on how to fix this?

1

There are 1 best solutions below

1
On BEST ANSWER

Force token refresh on the user after updateProfile: firebase.auth().currentUser.getToken(true)

The idToken will be updated afterwards.