2022-03-31

How to write Firestore rules with session cookies for authentication

I have used this https://firebase.google.com/docs/auth/admin/manage-cookies to implement session cookies in my Next.js application.

Having no client user authentication, I assume I have to handle all my Firestore calls and permissions inside my server-side API, which begs the question: what use do I have of the Firestore rules? Is that just obsolete?

I'm asking because I don't see a way to authenticate anything with the rules - seeing as the request.auth will always be null? I'm pretty sure I'm getting something wrong here since on that doc for session cookies I see no mention that that will basically invalidate the .rules, yet I'm struggling to implement them.


