From the course: Firebase Essential Training

Unlock the full course today

Join today to access over 22,600 courses taught by industry experts or purchase this course individually.

Modify Firestore security rules

Modify Firestore security rules - Google Cloud Tutorial

From the course: Firebase Essential Training

Start my 1-month free trial

Modify Firestore security rules

- [Instructor] So before we actually get started implementing the email verification flow, in order for this whole thing to even be worth doing in the first place, we need to actually prevent users whose emails have not been authenticated from accessing data in the Firestore. And in order to do this, there's just one fairly simple change we have to make to the security rules for our project. So let's open up our Firebase console and head over to Firestore and then we'll go to the Rules tab. And then we're going to modify our security rules so that will only allow users to access our Firestore if they're both offed, and if their email address has been verified. And here's what that'll look like. We're going to say that we want to allow the user to read if requests.auth.id does not equal null. And if request.auth.auth.token.email_verified, is equal to true. All that'll do is test that the user who's making this request…

Contents