Im developing a solution where I have data stored on firestore. On the other side I have react based website which reads this data.
Today I "authenticate" the solution in my test with in the backend a firebase config and that they enter a uniqID in the URL. So example: company.com/display/asdkjlasdjkl239023. I then do simple firestoreConnect where I add the ID as where clause. Right now my firestore rules are just open for all. But for production this dosen't seems so secure.
In theory I guess I would want some typ of authentication when the device first loads. Maybe a pin code would be good (email/password etc is to long). Then there would be a rule only allowing this connection to read what they are supposed to read nothing else.
Im trying to figure out how this could be solved but don't have any good idea. I figured somebody must have built something similar before :)
You can use Firebase Authentication phone Auth to verify a user based on their phone number, easier than email/password. You can even create your custom authentication inside Firebase Auth.
To secure your firestore or real time database, you need to use and understand Firebase Security Rules you can write security rules which will block the user from accessing other files that they aren't suppose to (which are ofc decided by you).