search

Custom claims

On the backend you can use custom claims to group user's permissions

What I'd recommend is to separate the auth from the access by using Custom Claimsarrow-up-right. Allow any one to create a user, but attach a Cloud Functionarrow-up-right to the user create event. If the user matches one on the white list, set a custom user claimarrow-up-right (this just launched recently!)

Finally, in your rules, check for that use property before giving access to the data:

{
  "rules": {
    "adminContent": {
      ".read": "auth.token.admin === true",
      ".write": "auth.token.admin === true",
    }
  }
}

from Firebase Authentication with whitelisted email addresses arrow-up-right

PreviousDatabase AuthNextLimit auth to certain domain only

Last updated

Was this helpful?