I'm using Firebase Storage to store and load images for users on my Android app. All users must be authenticated before using it. Occasionally, some user profile images are not
I had the same problem as you. This is a late answer but maybe this can help someone.
The problem for me was exactly as user2555964 described.
I can see that you only provide the URL and it is referencing a token. I assume that you don't download the URL from a storage path like this and just keep the reference in the database.
My problem in detail was that upon uploading a picture I saved the URL and kept it in the database, and then I had a storage trigger that optimized the picture on Firebase Cloud Functions (copy, optimize, and replace original), which changed the token of the picture, making the token on the URL worthless when checking for auth on storage rules.
The solution for me was to store the storage path instead and download the current URL with the correct token.
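The approach described in the answer above, sketched as an added example that is not part of the original post: persist only the storage path and ask Firebase Storage for the current download URL whenever the image is shown. The object name `ProfileImages`, its function names and the `users/<uid>/profile.jpg` layout are assumptions made for illustration; the Firebase calls are the Android SDK's own.

```kotlin
import android.net.Uri
import com.google.firebase.storage.FirebaseStorage
import com.google.firebase.storage.StorageException

// Hypothetical helper; names and path layout are assumptions for this example.
object ProfileImages {
    private val storage = FirebaseStorage.getInstance()

    // Save this value in the database after upload, not the tokenized
    // download URL: the path stays valid when the object is replaced.
    fun storagePathFor(uid: String): String = "users/$uid/profile.jpg"

    // One-off migration for rows that already hold a download URL.
    // getReferenceFromUrl throws IllegalArgumentException if the URL is
    // malformed or points at a different bucket than the configured one.
    fun pathFromSavedUrl(savedUrl: String): String =
        storage.getReferenceFromUrl(savedUrl).path.trimStart('/')

    // Resolve the URL at display time so it carries the object's current
    // token, even after a Cloud Function has rewritten the file.
    fun resolve(
        storagePath: String,
        onUrl: (Uri) -> Unit,
        onFailure: (String) -> Unit
    ) {
        storage.reference.child(storagePath).downloadUrl
            .addOnSuccessListener { uri -> onUrl(uri) }
            .addOnFailureListener { e ->
                val reason = when ((e as? StorageException)?.errorCode) {
                    StorageException.ERROR_OBJECT_NOT_FOUND ->
                        "no object at $storagePath (upload or rewrite still pending?)"
                    StorageException.ERROR_NOT_AUTHENTICATED ->
                        "user is not signed in"
                    StorageException.ERROR_NOT_AUTHORIZED ->
                        "storage rules deny read for the signed-in user"
                    else -> "download URL lookup failed: ${e.message}"
                }
                onFailure(reason)
            }
    }
}
```

Pass the resolved `Uri` straight to the image loader and do not write it back to the database, since it stops matching as soon as the object's token changes again.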