Is there a way to check if the request user email is verified in the Firestore security rules?
something like:
function isEmailVerified() {
return request.auth.emailVerified == true;
}
The correct syntax is:
request.auth.token.email_verified
If you want to know all claims available in your token, you can decode the JWT in your app or through jwt.io.
Some relevant documentation:
- https://firebase.google.com/docs/reference/rules/rules.firestore.Request#auth
- https://firebase.google.com/docs/reference/security/database/#authtoken (for a list of the claims in there by default)
来源:https://stackoverflow.com/questions/50223818/firebase-firestore-security-rules-allow-if-email-verified-without-custom-tok