All geek questions in one place

Create user-side users with simple firebase login

I am experimenting with firebase protection and authations configurations and notice the Simple Login Web tutorial. I can create users by running auth.createUser() through the javascript console, but wanted to know if I can limit the creation of the user on the server side.

I tried adding the host to the Authorized Request Origins and tried to remove localhost and 127.0.0.1 (without success), but still could create users from the client side.

Ideally, I would like users to only be authenticated from the client side. Am I missing something? (assuming this can be done without departing from the integration of fb, twitter, etc.)

thanks

+4
source share
1 answer

Simple Login is designed to work completely without a server. If you want clients to not create accounts, you will need to use a user login and minimize your own.

However, in most cases, you probably do not need to prohibit the creation of accounts in Simple Login. You can achieve the same result by simply prohibiting users from creating a user account in Firebase and based on it security rules .

For example, when a new user account is created on the server, I can create a user profile as:

 /user/$user_id/...

I can allow users to write to their profile, but not create a profile with this rule:

 ".write": "data.exists() && auth.uid === $user_id"

Then, to control access to any path on the server, I can write a rule as follows:

 ".read": "root.child('user/'+auth.uid).exists()"

Since only the server can create the profile in the first place, the user was actually unable to create an account.

+3
source

Source: https://habr.com/ru/post/1499096/

More articles:


All Articles