Webcom provides many ways to authenticate the end users of your applications. Security rules usually grant read or write permissions depending on the authenticated user. For this purpose, the JavaScript expressions implementing security rules are provided with the `auth` variable, which contains a JSON object representing the authentication details of the authenticated user at the time of the read or write operation.

This JSON object contains exactly the fields explained in the “Authentication State” chapter. The most usual ones are:

| Field | Description | Type |
|---|---|---|
| `uid` | A unique user ID across all providers, which identifies the user's Webcom account for the application. | String |
| `provider` | The authentication method used (for example: `"password"`). | String |

Typically, you are likely to store all of your users in a single `users` node whose children are the `uid` values for each user. If you want to restrict access to this data so that each logged-in user can write only their own data, while any user signed in with the email/password method can read it, your rules will look something like this:
```json
{
  "rules": {
    "users": {
      "$uid": {
        // grants write access to the owner of this user account whose uid must exactly match the key ($uid)
        ".write": "auth !== null && auth.uid === $uid",
        // grants read access to any user who is signed in with the email/password method
        ".read": "auth !== null && auth.provider === 'password'"
      }
    }
  }
}
```
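
The two rule expressions above can be checked offline against sample identities before they are deployed. The harness below is an added example, not Webcom code: it evaluates the page's expressions as plain JavaScript and does not reproduce the real rule engine's path matching or rule inheritance. The `compileRule`, `isAllowed` and `accessMatrix` helpers, the sample uids and the `example-sso` provider name are all made up for illustration.

```javascript
// Added example: a local harness, NOT the Webcom rule engine.
// It evaluates the two rule expressions from the page against constructed auth objects.
const rules = {
  write: "auth !== null && auth.uid === $uid",
  read: "auth !== null && auth.provider === 'password'",
};

// Compile a rule expression into a predicate over (auth, $uid).
// Only feed it rule strings from your own rules file: it executes them as JavaScript.
function compileRule(expression) {
  return new Function("auth", "$uid", `"use strict"; return (${expression});`);
}

// Decide whether `auth` may perform `operation` on /users/<targetUid>.
function isAllowed(operation, auth, targetUid) {
  return compileRule(rules[operation])(auth, targetUid) === true;
}

// Constructed sample identities (uids and the "example-sso" provider are made up).
const alice = { uid: "alice-1", provider: "password" };
const bob = { uid: "bob-2", provider: "password" };
const carol = { uid: "carol-3", provider: "example-sso" };
const anonymous = null; // no authenticated user

// Build the read/write decision for every sample caller on one user record.
function accessMatrix(targetUid) {
  const callers = { alice, bob, carol, anonymous };
  const matrix = {};
  for (const [name, auth] of Object.entries(callers)) {
    matrix[name] = {
      read: isAllowed("read", auth, targetUid),
      write: isAllowed("write", auth, targetUid),
    };
  }
  return matrix;
}

// Who can touch /users/alice-1 under the rules shown on this page?
console.table(accessMatrix("alice-1"));
```

The matrix shows that `bob` can read Alice's record but not write it. `carol` can write her own record (`isAllowed("write", carol, "carol-3")`) yet cannot read it, because the `.read` rule tests the provider rather than the owner.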