User authentication is the first step to secure your application from unauthenticated access. Identifying the user in the first step automatically implies the restriction on data they can access and manipulate. In the applications where we use backend technologies such as Java, Microsoft.Net, or any other platform, we write authentication logic to restrict the access to our application. However, since Firebase is widely used with client-side only applications, we will not have the luxury of backend tools. Luckily, Firebase platform provides an Authentication mechanism—Firebase Authentication—which has built-in support for common authentication mechanisms such as form-based authentication with username and password, Google and Facebook login, and many more. In Chapter 3, Authentication with Firebase, and Chapter 5, User Profile and Access Management, we have already seen how we can implement the Firebase Authentication. The following rule specifies that to access the database, a user must be authenticated. It also specifies that once a user is authenticated, it can access all the data available in the database:

{
  "rules": {
    ".read": "auth != null",
    ".write": "auth != null"
  }
}