HTTPS Callable cloud function auth check email address domain

cloud function auth email domain check


Last updated 5 years ago


Sometimes you want to add an extra layer of security in case the Firebase client-side auth is compromised.

`context.auth` tells you whether the user is authenticated. But if your setup restricts auth to a specific email domain, an attacker might be able to circumvent that restriction on the client side.

For instance, if you set up auth with Google sign in custom domain (using G Suite), the attacker could remove the custom domain restriction on the client and sign in with any regular Gmail account. The following code helps mitigate that with server-side validation in a cloud function, checking the auth email against a specific domain.

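  // Inside the HTTPS callable handler: get the email address from auth
  // and check that it is an @example.com address.
  // context.auth is undefined for unauthenticated calls, and email can be missing.
  const email = context.auth && context.auth.token.email;
  if (!email || !email.endsWith('@example.com')) {
    throw new functions.https.HttpsError(
      "failed-precondition",
      "The function must be called while authenticated with @example.com email address."
    );
  }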

Modified from Stack Overflow

For more background on `endsWith`, it's exactly what you'd expect from its name:

The endsWith() method determines whether a string ends with the characters of a specified string, returning true or false as appropriate.
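
A stricter version of the server-side check above, as an added example that is not code from the original page: it also requires the `email_verified` claim and compares the whole domain case-insensitively, which goes beyond the `endsWith` check shown. `checkEmailDomain`, `ALLOWED_DOMAIN` and the sample `context.auth` objects are hypothetical and constructed for illustration.

```javascript
// Added example; ALLOWED_DOMAIN and checkEmailDomain are hypothetical names.
const ALLOWED_DOMAIN = 'example.com';

// `auth` has the shape of `context.auth` in an HTTPS callable function.
function checkEmailDomain(auth, allowedDomain = ALLOWED_DOMAIN) {
  // No auth object: the request carried no valid Firebase ID token.
  if (!auth || !auth.token) {
    return { ok: false, code: 'unauthenticated', reason: 'no auth context' };
  }
  const { email, email_verified: emailVerified } = auth.token;
  // Phone and anonymous sign-ins carry no email claim.
  if (typeof email !== 'string' || email.length === 0) {
    return { ok: false, code: 'failed-precondition', reason: 'no email claim' };
  }
  // An unverified address says nothing about who controls the mailbox.
  if (emailVerified !== true) {
    return { ok: false, code: 'failed-precondition', reason: 'email not verified' };
  }
  // Compare the whole part after the last '@', case-insensitively, so
  // 'eve@example.com.evil.test' and 'eve@notexample.com' are rejected.
  const at = email.lastIndexOf('@');
  const domain = email.slice(at + 1).toLowerCase();
  if (at < 1 || domain !== allowedDomain.toLowerCase()) {
    return { ok: false, code: 'failed-precondition', reason: 'wrong domain' };
  }
  return { ok: true, code: 'ok', reason: 'allowed' };
}

// Constructed samples of context.auth, for illustration only.
const samples = {
  staff: { uid: 'u1', token: { email: 'Alice@Example.com', email_verified: true } },
  gmail: { uid: 'u2', token: { email: 'bob@gmail.com', email_verified: true } },
  lookalike: { uid: 'u3', token: { email: 'eve@example.com.evil.test', email_verified: true } },
  unverified: { uid: 'u4', token: { email: 'mallory@example.com', email_verified: false } },
  phoneOnly: { uid: 'u5', token: { phone_number: '+15555550100' } },
  anonymousCall: undefined,
};
for (const [label, auth] of Object.entries(samples)) {
  console.log(label, checkEmailDomain(auth).reason);
}

// In the callable function:
//   const result = checkEmailDomain(context.auth);
//   if (!result.ok) throw new functions.https.HttpsError(result.code, result.reason);
```
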

Google sign in custom domain
Get user phone number in firebase cloud functions
endsWith