Is it possible to make a condition in Firestore security rules based on information from the request's ServiceAccountKey.json file?

Question

Is it possible to make a condition in Firestore security rules based on information from the request's ServiceAccountKey.json file?

72 views Asked by Jnguyen22 At 30 January 2020 at 02:48

I want my database to be able to be read by anything and to be written only by my python script. In my python script is my ServiceAccountKey.json file. It looks like this (I took all of my information out):

{
  "type": "service_account",
  "project_id": 
  "private_key_id": 
  "private_key": 
  "client_email":
  "client_id": "
  "auth_uri": 
  "token_uri": 
  "auth_provider_x509_cert_url": 
  "client_x509_cert_url":
}

Can anything here be a part of a condition in my security rules?

Original Q&A

There are 1 answers

**Doug Stevenson** · Answer 1 · 2020-01-30T02:53:40+00:00

No. All access to Firestore (and Realtime Database, and Cloud Storage) from a backend/desktop source that's initialized from a service account will always bypass security rules completely.

Security rules only apply to web and mobile clients who are using Firebase Authentication, or no auth at all.

TechQA.

Is it possible to make a condition in Firestore security rules based on information from the request's ServiceAccountKey.json file?

There are 1 answers

Related Questions in FIREBASE

Related Questions in GOOGLE-CLOUD-FIRESTORE

Related Questions in FIREBASE-AUTHENTICATION

Related Questions in FIREBASE-SECURITY

Popular Questions

Popular Tags

Trending Questions