-
First of all, a big thank you to the devs for this very helpful project! I'm new to Firebase. I was hoping on letting players read and write data without logging in. The nature of my game is such that a login would be an unnecessary barrier to entry. I figured I'd be able to use cloud functions to sanitize submitted data for security. The thing is, this SDK seems to require authentication in order to access the Firestore. At first, I figured that logging in users anonymously would be an acceptable workaround. However, this approach creates a new user every time the app is opened. I don't believe that's a sustainable long-term solution as my app scales. Do you have any suggestions for how I should use this SDK to support my use case? Perhaps there is something I missed. EDIT: After a little more digging, it seems I might be able to use the email and password method to authenticate users. Instead of using an actual email, I could use a string derived from their device id. This would create one unique user per device without requiring players to make an account. I believe this approach will work for my needs, but feel free to critique it or let me know if there's a better way. Thanks! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
@pndalal I apologize it took so long to get back to you. I know some of the team was getting ready for Godotcon and the talk that they gave there. Long story short Google and Firebase don't recommend allowing access without Auth. This can allow someone to write or remove data. Remove is obviously bad, but if they write massive amounts of data, you can find yourself with a huge bill from Google. I think your solution would work fine, the security rules are going to be the most important thing to look at. Chuck |
Beta Was this translation helpful? Give feedback.
@pndalal I apologize it took so long to get back to you. I know some of the team was getting ready for Godotcon and the talk that they gave there.
Long story short Google and Firebase don't recommend allowing access without Auth. This can allow someone to write or remove data. Remove is obviously bad, but if they write massive amounts of data, you can find yourself with a huge bill from Google.
I think your solution would work fine, the security rules are going to be the most important thing to look at.
Chuck