LaVOZs

The World’s Largest Online Community for Developers

'; Anonymous Flutter APP with secure Firebase Storage. Single Signin - LavOzs.Com

I am creating an app where the user does not have to login and this is also not planned for future. After looking at this video I was pretty shocked as I was simply securing read/write access with request.auth != null. Which only checks if there is any authentication. Video: https://www.youtube.com/watch?v=b7PUm7LmAOw&t

So I went ahead and changed the signInAnonymously to signInWithEmailAndPassword, with a hardcoded email and hardcoded password. In my App. This is not very pleasant and I was looking for a better was to do this. I stumbled accross flutter_secure_storage but I did not fully understand how I store my secret (in this case my password) for every installation of my app.

Is there another best practice how I allow read/write to firebase only from my app?

final FirebaseAuth _auth = FirebaseAuth.instance;

//_auth.signInAnonymously();

_auth.signInWithEmailAndPassword(email: "HARDCODEDEMAIL", password: "HARDCODEDPASSWORD");
Related
Firebase user account security with firebaseSimpleLogin
Manually generate single auth-token for use in constant, to authenticate app to access database - Good or bad?
How to handle notification when app in background in Firebase
Firebase - Limit file access to specific users
AngularFire 2.0.1 $createUserWithEmailAndPassword auth/invalid-api-key
Using Firebase as backend
Firebase 'A network error (such as timeout, interrupted connection or unreachable host) has occurred.'
AngularJS with Firebase Authentication