Firebase Question posted in
An extensive official documentation can be found here.

How do I correctly authenticate with firebase for each request

I’m playing around with firestore since I used realtime database in a course I did on angular. I created an angular app, and trying to get some documents based on a document property. However, I get this error each time:

ERROR FirebaseError: Missing or insufficient permissions.

Which is probably because i am doing something wrong and I don’t understand enough about these type of requests. I finished up on maximilian’s Angular course where working with realtime DB went like a breeze, but firestore is definitely proving to be more difficult.

Here is my code:

  getTimesharesByOwnerId(): Observable<Timeshare[]> {
    return this.currentUser$.pipe(
      switchMap((user) => {
        if (user) {
          const ownerId = user.email;
          const timesharesCollection = collection(this.afs, 'timeshares');
          const q = query(
            timesharesCollection,
            where('ownerId', '==', ownerId)
          );
          return collectionData(q, { idField: 'id' }) as Observable<
            Timeshare[]
          >;
        } else {
          return of([]);
        }
      })
    );
  }

When the above request is done, the request does not include headers.

Now, I think:
a) I should add headers to my request with the currentUser$.token
b) I should find a way for firebase to check that header

But how should I do B to shield of certain actions? Because for some reason gemini and firebase always assumes I am using some kind of SDK for this? I’m using angular firestore, yes, but my header is never automatically attached. I store my logged in user in my Authservice as an observable.

The solution is probably very very easy, but I am currently feeling lost, as if I’ve wasted my time on this angular course because I’m too stupid to understand anything :/ I should probably use the SDK then? but am I not already? And does that mean I wasted an enormous amount of time setting up my auth service when firebase could’ve done this for me?

Tags:

2

Answers


  1. 0

    If the collection methods and other Firestore methods come from the client-side Firebase SDK, then that already passes the information about the user that is signed in to the Firebase Authentication SDK along to the server. You don’t need to do that yourself.

    More likely (as Doug commented) your request is actually not allowed by the server-side security rules that are set up for your database. Read these and these docs to get started.

    Login or Signup to reply.
  2. 0

    Firebase is a common point of confusion! The issue isn’t with your code specifically, but rather with how Firebase authentication and security rules work together.

    First, you are already using the Firebase SDK correctly through @angular/fire. The issue isn’t about adding manual headers – Firebase handles authentication tokens automatically when you initialize it properly. Here’s how to fix this:

    1. Make sure you’ve initialized Firebase with auth:
    // app.module.ts
import { provideFirebaseApp, initializeApp } from '@angular/fire/app';
import { provideAuth, getAuth } from '@angular/fire/auth';
import { provideFirestore, getFirestore } from '@angular/fire/firestore';

@NgModule({
  imports: [
    provideFirebaseApp(() => initializeApp(environment.firebase)),
    provideAuth(() => getAuth()),
    provideFirestore(() => getFirestore()),
    // ... other imports
  ]
})

    1. You need to ensure you’re authenticated before making Firestore requests. Your current code looks good for that part since you’re using currentUser$.

    2. The most likely issue is your Firestore security rules. Check your rules in the Firebase Console (Database → Rules). They probably look something like this:

    rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if false;  // This is the default, blocking all access
    }
  }
}

    You need to update them to allow authenticated users to access their own timeshares. Here’s a basic example:

    rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /timeshares/{timeshare} {
      allow read: if request.auth != null && resource.data.ownerId == request.auth.token.email;
    }
  }
}

    This rule says: "Allow reading a timeshare document only if the user is authenticated AND the document’s ownerId matches the authenticated user’s email."

    You haven’t wasted your time at all! Understanding authentication and building your auth service is valuable knowledge. The Firebase SDK handles the token management automatically, but you still need to:

    1. Handle user authentication flows
    2. Manage user state
    3. Control access patterns
    4. Handle error cases

    Would you like me to explain more about how Firebase security rules work or show you how to test them locally?

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search