Limit auth to certain domain only
On the backend you can add security rules to the database
1
{
2
"rules": {
3
".read": "auth.token.email.matches(/.*@example.com$/)",
4
".write": "auth.token.email.matches(/.*@example.com$/)"
5
}
6
}
Copied!
1
rules_version = '2';
2
service cloud.firestore {
3
match /databases/{database}/documents {
4
match /podcasts/{podcast=**} {
5
function isValidEmail(){
6
return (request.auth.token.email.matches('.*@example[.]com#x27;) &&
7
request.auth.token.email_verified)
8
}
9
allow read, write: if isValidEmail();
10
}
11
}
12
}
Copied!
Last modified 2yr ago
Copy link