How to disable account creation in firebase authentication
Question
I've a project in which I used to authenticate the users with firebase-auth .In my project users can not create their accounts on their own.Only admin have the privilege to add the user accounts.
In order to use onAuthStateChanged() function I must use firebase-auth in my page.But the issue is because of using firebase-auth on client side one can esaily create accounts by running createUserWithEmailAndPassword() function on the console without having the admin privilege.
Now how can I restrict the people from using createUserWithEmailAndPassword() function on client side?
3 answers
solution1
1 2019-09-18 16:46:24
The only way you can stop clients apps from creating accounts is to disable all authentication providers for your project in the Firebase console. You could write an auth onCreate Cloud Function that attempts to figure out if a new account was created by client or admin code if you want to try to delete it immediately.
solution2
1 2021-03-24 18:16:09
我认为您可以在添加用户后通过需要授权的云功能添加声明,以便如果用户没有该声明,他将无法使用该应用程序或无法登录。
solution3
0 2022-09-07 14:40:26
In 2022 with Firebase Auth with Identity Platform and blocking functions, we can accomplish that the following way:
Create an HTTP function that receives email, password and displayName, and creates user using firebase-admin:
import { https } from 'firebase-functions'; import { getAuth } from 'firebase-admin/auth'; import cors from 'cors'; const auth = getAuth(); // Register an HTTP function with the Functions Framework export const signupUser = https.onRequest((req, res) => { const options = { origin: 'http://localhost:3000' }; cors(options)(req, res, () => { console.log('all good'); auth.createUser({ email: 'example@email.com', emailVerified: false, password: 'secretPassword', displayName: 'John Doe', disabled: false, }).then((userRecord) => { // See the UserRecord reference doc for the contents of userRecord. console.log('Successfully created new user:', userRecord.uid); }).catch((error) => { console.log('Error creating new user:', error); }); // Send an HTTP response res.send('OK'); }); });
Modify response and origin in CORS as you need.
Now create a blocking beforeCreate function and check for user's display name, if there is no display name, throw an error:
import { auth } from "firebase-functions"; import { initializeApp, applicationDefault } from 'firebase-admin/app'; import { getAuth } from 'firebase-admin/auth'; import postmark from 'postmark'; const app = initializeApp({ credential: applicationDefault(), projectId: 'your_project_id', }); const tnc = getAuth(app); export const signUp = auth.user().beforeCreate((user, context) => { if (.user.displayName) { throw new auth;HttpsError('permission-denied'); } });
This will work because there is no way to include "display name" when signing up via client side
So you, in short, point is to create a Cloud Function that will register users and make sure to add the check to beforeCreate for something that you know is only possible to do on server-side via firebase-admin sdk.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.