Limit Firebase Google OAuth Authentication to specific users

Question

I'm using Firebase to handle my Google OAuth login for my website. Does anyone knew how to restrict the users who have access to the application? For example, I only want x@gmail.com, y@gmail.com, and z@gmail.com to successfully be able to log in via google to my application.

I wasn't sure if this was a Firebase or Google question, but any help would be much appreciated.

Answer 1

Firebase's authentication handles only that: the authentication of users through any of the mechanisms you enable. Whether those users have access to your data is called authorization and it is handled through the security rules of your Firebase.

So:

• Authentication allows the user to identify him/herself with your application. See Firebase's documentation on authentication (for JavaScript/Web, but it exists for all supported platforms).
• Authorization limits read/write access to your data to specific users, based on their authentication. See Firebase's documentation on its security rules.

Limiting access to your data to specific email addresses is certainly possible. I recommend that you read Firebase's documentation on its security rules and try to make it work based on that. If you have any problems, post what you've tried and we'll be able to help you better.

Answer 2

These rules will allow anybody to login, but only the listed email addresses to read or write data:

{
  "rules": {
    ".read":  "auth.email == 'x@gmail.com' || 
               auth.email == 'y@gmail.com' || 
               auth.email == 'z@gmail.com'",

    ".write": "auth.email == 'x@gmail.com' || 
               auth.email == 'y@gmail.com' || 
               auth.email == 'z@gmail.com'"
  }
}