问题
Assuming a teacher/student scenario what would be a good way to handle 'email invitations'?
Using a CSV upload I would like to create users or a whitelist of emails that will restrict everyone else (not invited) from creating an account.
Should I create my own login form that will check the whitelist first and then create the user?
Is there some type of BeforeAuth hook? LOL.
回答1:
What I'd recommend is to separate the auth from the access by using Custom Claims. Allow any one to create a user, but attach a Cloud Function to the user create event. If the user matches one on the white list, set a custom user claim (this just launched recently!)
Finally, in your rules, check for that use property before giving access to the data:
{
"rules": {
"adminContent": {
".read": "auth.token.admin === true",
".write": "auth.token.admin === true",
}
}
}
回答2:
FirebaseAuth is only meant to verify that a person is who he/she say they are. It does not restrict usage.
See FirebaseAuth documentation
After a successful sign in, you can access the user's basic profile information, and you can control the user's access to data stored in other Firebase products. You can also use the provided authentication token to verify the identity of users in your own backend services
I.e. you can use Firebase Authentication to verify a user is who they say they are, but restricting them from your services is then up to you based on the information in their user profile information
You can however combine FirebaseAuth with other Firebase services like Database or Storage which are integrated with auth. But for your scenario you still need to create the logic to restrict authenticated users from accessing data they shouldn't be able to access using Rules in the database or in storage. You haven't specified much else in your question so I can't give a better answer for now
来源:https://stackoverflow.com/questions/46552886/firebase-authentication-with-whitelisted-email-addresses