🖌
Firebase+React_Notes
🖌
Firebase+React_Notes
🖌
Firebase+React_Notes
🖌
Firebase+React_Notes
Firebase React Notes
React + firebase
Firebase - Create React app setup
Firebase React context
Firebase function local dev react
React firebase hooks
Firestore
Firestore
Firestore data model
associated Firebase data with Users
Firestore write
Firestore - read
Firestore update
Persisting data offline
Importing json
Auth
Auth
Firebase UI
Firebase Auth with React
Linking auth accounts
Twitter sign in
Google sign in
Database Auth
Custom claims
Limit auth to certain domain only
Custom tokens
Cloud Functions
Cloud Functions
Set timeout and memory allocation
Call functions via HTTP requests
HTTPS Callable
Separate Cloud Function in multiple files
Slack integration
Twilio firebase functions
ffmpeg convert audio
ffmpeg transcoding video
Storage
Security
Create
Delete
Uploading with React to Firebase Storage
Getting full path
Firebase `getDownloadURL`
Hosting
Hosting
Firebase Admin
Firebase admin
Firebase analytics
Firebase analytics
Google App Engine
Google App Engine
GCP App Engine + video transcoding
STT
STT + Cloud Function + Cloud Task
Other
CI Integration
Travis CI integration
Github actions integration
Visual code
Visual code extension
Electron
Firebase with electron
Pricing
Pricing
Testing
Unit testing
Privacy and Security
Privacy and security
Useful resources
links
Firebase Extensions
Firebase extension
Chrome Extension
Firebase in a chrome extension
Powered by GitBook

Custom claims

On the backend you can use custom claims to group user's permissions

What I'd recommend is to separate the auth from the access by using Custom Claims. Allow any one to create a user, but attach a Cloud Function to the user create event. If the user matches one on the white list, set a custom user claim (this just launched recently!)

Finally, in your rules, check for that use property before giving access to the data:

{
  "rules": {
    "adminContent": {
      ".read": "auth.token.admin === true",
      ".write": "auth.token.admin === true",
    }
  }
}

from Firebase Authentication with whitelisted email addresses ​

Auth - Previous
Database Auth
Next
Limit auth to certain domain only
Last updated 1 year ago