如何将用户注册仅限于Firebase中的某些域? [英] How do I restrict user sign ups to only certain domains in Firebase?
问题描述
我有一个想限制访问权限的iOS应用程序,仅对特定电子邮件域中的用户可用. 该应用要求用户使用其Google帐户登录. 我在网上找到了建议添加
I have an iOS app that I'd like to restrict access to, making it only available to users from a specific email domain. The app requires the users to log in using their Google Account. I've found various answers online that suggested adding
".read": "auth.token.email.endsWith('gmail.com')"
但这似乎并没有在登录页面中返回错误,而是仅在有问题的用户尝试访问数据库时才返回错误.有什么建议吗?
But that doesn't seem to return an error in the sign in page, but only when the user in question tries to access the database. Any suggestions?
推荐答案
您将不得不执行该操作.您可以使用多种工具:
You will have to enforce that. You have multiple tools to do so:
-
signInWithCredential解析后,您可以检查域,并且该域是google.com提供者.如果您允许电子邮件/密码用户,则也需要进行验证.如果用户不符合您的条件,请在用户上使用Delete API,并向用户发出错误,要求他们使用特定帐户登录.
After signInWithCredential resolves, you can check the domain and that it is a google.com provider. If you are allowing email/password users, you need to verify those too. If the user doesn't meet your criteria, use the delete API on the user and issue an error to the user that they need to sign in with a certain account.
在您的规则中强制执行检查,因为您并不总是信任客户端.确保如果用户注册并且未被删除,则他/她将无法访问数据.
Enforce the check in your rules, as you can't always trust the client. Ensure that if a user signs up, and isn't deleted, he/she can't access the data.
使用Firebase函数,该函数具有用于创建用户的触发器.创建用户时,请检查您的条件是否满足,否则,请使用firebase-admin模块删除该用户.
Use Firebase functions which has a trigger for user creation. On user creation, check your criteria is met, if not, use the firebase-admin module to delete that user.
如果您使用的是iOS的Google登录库来获取Google凭据,则可以先查看Google用户电子邮件和Google ID令牌,然后再在Firebase中对InInCredential进行登录并阻止登录尝试.
If you are using the Google sign-in library for iOS to get the Google credential, you can check the Google user email and Google ID token before you signInWithCredential in Firebase and block the sign in attempt.
编写您自己的清理脚本:如果您托管自己的服务器并且不想使用Firebase功能,则可以运行每日脚本,该脚本使用Firebase CLI SDK下载所有用户,然后删除所有用户.使用与您的条件不匹配的firebase-admin SDK.
Write your own clean up script: If you are hosting your own server and do not want to use Firebase Functions, you can run a daily script that downloads all your users using the Firebase CLI SDK and then deletes all users using firebase-admin SDK that do no match your criteria.
这篇关于如何将用户注册仅限于Firebase中的某些域?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
