WolfgangSenff
commented
3 years ago We generally recommend everyone use authorization, but that said, it feels like a valid use-case. Will talk to the team. Thanks.
Closed spyr0s closed 3 years ago
WolfgangSenff
commented
3 years ago We generally recommend everyone use authorization, but that said, it feels like a valid use-case. Will talk to the team. Thanks.
spyr0s
commented
3 years ago Thanks, A workaround for the time being would be to use anonymous auth
fenix-hub
commented
3 years ago Hi @spyr0s , As a team we have always avoided to support unauthenticated requests, because generally it means that users using the library do not have rule policies protecting their projects whatsoever. But in this case you gave us a complete and understandable use case and we are sure you know what you are doing. Before implementing this, I'd like to make sure if a viable option for you would be to just have an automatic anonymous authentication if the plugin does an unauthorized request. Clients wouldn't notice the difference, and you won't have to call any additional function, but still it would be an additional layer of protection. Of course this would mean that you would need to enable anonymous authentication (which is just a matter of a click). Otherwise, if you don't like this idea, please let us know and just give us some time to add some notes around the plugin, since if we enable unauthorized requests we would like to make sure that unexperienced users know what they are doing, and experienced users just acknowledge this option. Thanks!!
spyr0s
commented
3 years ago Yes, anonymous sign in would be a perfect workaround. Just checked and works fine
On Mon, Apr 5, 2021, 16:59 Nicolò Santilio @.***> wrote:
Hi @spyr0s https://github.com/spyr0s , As a team we have always avoided to support unauthenticated requests, because generally it means that users using the library do not have rule policies protecting their projects whatsoever. But in this case you gave us a complete and understandable use case and we are sure you know what you are doing. Before implementing this, I'd like to make sure if a viable option for you would be to just have an automatic anonymous authentication if the plugin does an unauthorized request. Clients wouldn't notice the difference, and you won't have to call any additional function, but still it would be an additional layer of protection. Of course this would mean that you would need to enable anonymous authentication (which is just a matter of a click). Otherwise, if you don't like this idea, please let us know and just give us some time to add some notes around the plugin, since if we enable unauthorized requests we would like to make sure that unexperienced users know what they are doing, and experienced users just acknowledge this option. Thanks!!
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/GodotNuts/GodotFirebase/issues/171#issuecomment-813407380, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAHY3DRFT5THGOVZ2K6VS4TTHG64TANCNFSM42MRSVWQ .
Is your feature request related to a problem? Please describe. Currently all requests to firestore documents require authorization else an "Unauthorized Firestore operation!" error is returned
if not auth: printerr("Unauthorized Firestore operation!") return nullDescribe the solution you'd like Allow requests to be done without the auth check and no bearer if the user is not authorized
Additional context For example we can have collection of users scores where each user should be authorized in order to add a score, but we want guest to see the top Scores. This can be done using firestore rules , but currently we can't query the top scores without getting the Unauthorized error