How would you prevent users from spoofing a username in Firebase?

How can I prevent a user from spoofing the username by submitting something to Firebase using, say, a valid auth uid but the wrong "username"?

I could ONLY store the UID, but then I would have to force the client to look for all UIDs all the time. It would be ideal if I could somehow verify that the specified username matches the username in the log.

Ideally, I would make a rule that looks like this:

    "rules": {
              ".validate": "newData.child('name').val() == auth.facebook.displayName"


But the auth variable does not contain the username.


source to share

1 answer

In most cases, developers save complete information about all users under a /users

node in their Firebase. For example.

      username: "puf"
      displayName: "Frank van Puffelen"
        author: twitter:478645678
        name: "puf"
        message: "Hello world"


With this structure, you can cross-reference the username to /users/<uid>/username


".validate": "newData.child('name').val() == root.child('users').child(auth.uid).child('username').val()"




All Articles