Open dev4jam opened 6 years ago
Quite the opposite. The package currently uses service account authentication (docs), so for requests originated by Ferno, security rules are disabled. But for regular clients, you can (and should) be as strict as you possible.
Yeah as @vzsg stated! Since you use the service account, there is no need to have open rules. Ferno will bypass those rules.
That being said, it might be useful for some use cases to allow manually specifying the access token instead of using the service account.
Ah yes, I guess if you wanted to only access specific data via a user you can do it with their access token. Will add it to the list of todos
Couldn't find any authentication example... Does it mean that all my rules in Firebase should allow access without authentication? Any plans on building user auth part as well?