问题
I'm using Firebase to handle my Google OAuth login for my website. Does anyone knew how to restrict the users who have access to the application? For example, I only want x@gmail.com, y@gmail.com, and z@gmail.com to successfully be able to log in via google to my application.
I wasn't sure if this was a Firebase or Google question, but any help would be much appreciated.
回答1:
Firebase's authentication handles only that: the authentication of users through any of the mechanisms you enable. Whether those users have access to your data is called authorization and it is handled through the security rules of your Firebase.
So:
- Authentication allows the user to identify him/herself with your application. See Firebase's documentation on authentication (for JavaScript/Web, but it exists for all supported platforms).
- Authorization limits read/write access to your data to specific users, based on their authentication. See Firebase's documentation on its security rules.
Limiting access to your data to specific email addresses is certainly possible. I recommend that you read Firebase's documentation on the its security rules and try to make it work based on that. If you have any problems, post what you've tried and we'll be able to help you better.
回答2:
These rules will allow anybody to login, but only the listed email addresses to read or write data:
{
"rules": {
".read": "auth.email == 'x@gmail.com' ||
auth.email == 'y@gmail.com' ||
auth.email == 'z@gmail.com'",
".write": "auth.email == 'x@gmail.com' ||
auth.email == 'y@gmail.com' ||
auth.email == 'z@gmail.com'"
}
}
来源:https://stackoverflow.com/questions/28421906/limit-firebase-google-oauth-authentication-to-specific-users