Authorize a user after they've signed up for my firebase app

Question

I want to be able to let a user sign up for my firebase app using Google, Facebook, or Email/Password. But after they've signed up, I want to be able to authorize them to use it before they can begin to use the firebase app. So if someone I don't trust to use my app signs up, I can deny them access before they can begin using the app. Is there a design pattern for this, along with maybe a tutorial or example of a previous implementation?

Answer 1

Remember the difference between authentication vs authorization.

You can sign up your users for example and have a cloud function which onCreate copy the user record to a users collection. At this point, you have control over what the user looks like, maybe you want to set a property like blocked equal to true and you can change it on whatever method to false when you vet the user. Then on your FE, you just implement logic to block the app based on the property.

Another option is to create the user on a cloud function, you have access on the admin to a method called createUser find more here and you can pass the disabled param as true, more here

After you vet the user you can update the user using the updateMethod here and change the prop to true.

Notice all this method are available via admin.auth()

Answer 2

What you are looking for is very simple, you have to create a flag in your users branch or in your rule stating it to be false by default. When you run through background checks on the user, you set it manually to true. Your app should check if the flag is true before proceeding any further . This is authorization of user not authentication.