Add custom claim to id token

perfect!! that's all I wanted to know!! now I can do what you have just said!

I have one more thing......doing all that reading came to this... Retrieve ID tokens on clients

When a user or device successfully signs in, Firebase creates a corresponding ID token that uniquely identifies them and grants them access to several resources, such as Firebase Realtime Database and Cloud Storage. You can "re-use" that ID token to identify the user or device on your custom backend server. To retrieve the ID token from the client, make sure the user is signed in and then get the ID token from the signed-in user........How do I send the auth id token to storage so it can grant me access to the files as an auth user?

ive read all the guide but it did not help with my issue.....How do I tell storage that the user trying to access the files is authenticated already? because it acts as if the user wasn't since it won't let access to files with the security rule " if reques.auth"

this guy was having the same issue as me......however he was not using app inventor.....

Your answer should be here:

Either use the authenticated user's idToken to allow access to a file, or provide them with the downloadToken for the file, based upon your criteria of whether they should have access (e.g. have they paid?) You should be able to do all this in the app with blocks.

I did exactly how you explain in the guide......through the google.apis link using my own info directly to the set image picture to: google.apis bla bla bla...... i dont want the world readable code so I decided to go for the "secure bubble" and it sends me back an error....error 1109 the specified url is not valid...

You must have something wrong in the blocks, it is working OK for me here.

Just checking, you have set up the secure rules for storage ?

I will check my blocks.......I definitely have something wrong in my blocks.....I will send pictures as soon as I'm done working for the day...

I got the blocks mixed up.......the top picture in the guide is for world readable......the bottom pic is for auth.....sorry!!! my bad!!

great! Now I don't get the error message, however I do not get the picture to show......I tried a text box to check on the result I get with 'whenweb1 got file send file name to text box and I get something like : /storage/emulated/0/android/data... etc... What would be the next step after the get procedure?

I have just read this does not work for video......so I have to go all the way back with my project.......I was just thinking about giving access through creating a tag in the Realtime database called...paid/unpaid on each user ..... and from there.....send a connection from the end user to the tag to check if permission should be denied or allowed......what's your opinion?
how safe is this?

  • You can store video files on Firebase Storage
  • You can download video files from Firebase Storage
  • You can stream (with a bit of work) video files from Firebase Storage

Access Method:

  • User pays for access to certain content
  • Filenames/downloadTokens updated in user's list

There is no video for the secure version, it would be exactly the same as the non secure one!

is this only for deleting purposes? I did not understand that part....is this for all the processes or just the deleting process?

I do not understand any of what you have said ? :wink:

in the guide.... under the delete process , you wrote:

'There is no video for the secure version, it would be exactly the same as the non secure one!

but I am not sure if you mean this for all the processes such as download or just the delete file process?

Ah sorry, if you had read the previous page for "no rules", you would have seen a video provided to demonstrate the process. I didn't make a video for secure rules because it would have looked exactly the same.

got ya!!! thanks a lot mate! you are being sooooo helpful!

This could also be another solution since the download process using firebase storage 'downloads the file' to the users phone....which I don't like........ I would rather have all of my content to be online access only......just like google drive........I was thinking about making the app user sign in with google account so he can access google drive through the app and then handle the permissions with the 'google share option' which I find easier to handle.

what's your opinion?

This is not the solution for that, but I will have a think about how it can work.

1 Like

OK, I have weighed up the pros and cons of both methods, and for what i know of what you want to do, Firebase Storage comes out on top over my GD Connector approach.

However you might want to consider this extension as an alternative:

1 Like

thanks a lot!