使用列入白名单的电子邮件地址进行 Firebase 身份验证 [英] Firebase Authentication with whitelisted email addresses

问题描述

假设有一个教师/学生场景，处理电子邮件邀请"的好方法是什么?

Assuming a teacher/student scenario what would be a good way to handle 'email invitations'?

使用 CSV 上传，我想创建用户或电子邮件白名单，以限制其他所有人(未受邀)创建帐户.

Using a CSV upload I would like to create users or a whitelist of emails that will restrict everyone else (not invited) from creating an account.

我是否应该创建自己的登录表单，先检查白名单，然后再创建用户?

Should I create my own login form that will check the whitelist first and then create the user?

是否有某种类型的 BeforeAuth 钩子?哈哈.

Is there some type of BeforeAuth hook? LOL.

推荐答案

我建议使用 自定义声明.允许任何人创建用户，但附加云函数 到用户创建事件.如果用户与白名单中的用户匹配，请设置自定义用户声明(最近刚刚推出！)

What I'd recommend is to separate the auth from the access by using Custom Claims. Allow any one to create a user, but attach a Cloud Function to the user create event. If the user matches one on the white list, set a custom user claim (this just launched recently!)

最后，在您的规则中，在访问数据之前检查该 use 属性:

Finally, in your rules, check for that use property before giving access to the data:

{
  "rules": {
    "adminContent": {
      ".read": "auth.token.admin === true",
      ".write": "auth.token.admin === true",
    }
  }
}

这篇关于使用列入白名单的电子邮件地址进行 Firebase 身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！