Log in restriction using firebase auth - firebase

I've created a website using firebase authentication system. The website is intended for a specifik group of people which means i want to restrict sign up/log in for this group.
I've been looking around for a solution but haven't been able to find a good one. I got a tip about creating a "whitelist" for the allowed users and changing the security rules so that .read is true for these people. But would this restrict login?
So basically I'm wondering if anyone else has bumped into this problem? Or if anyone has a good solution?

What you can do is to set up FireBase Auth using the Email/Password signin provider.
Then, create a backend page/tool to pre-register the users and send them a verification email.
Details found in FireBase doc: https://firebase.google.com/docs/auth/users

Related

Possible reasons for Google Sign In returning SIGN_IN_FAILED 12500

I have an app available for download which uses Google Sign In. Most people do not have any problem signing in using Google Sign in so I know it is set up correctly with the right keys. However very occasionally we see the following error.
SIGN_IN_FAILED 12500
The docs say
The sign in attempt didn't succeed with the current account.
Unlike SIGN_IN_REQUIRED. when seeing this error code, there is nothing user can do to recover from the sign in failure. Switching to another account may or may not help. Check adb log to see details if any.
I suspect something has been disabled by a GSuite admin but I cannot see anything you can do to disable Google Sign In. In GSuite help I read under “View and revoke third-party applications connected to the user's Google Account”:
You can revoke service access only after it's been granted. You can't preemptively block users from granting access to specific apps.
Can anyone suggest what could cause this - for example how I could reproduce this issue by setting something in my own GSuite account?

Firebase account linking prompt

I understand how to link two Firebase accounts manually, by allowing a logged in user to select to link another account, and then using the `linkWithCredential' method.
However, is there a way to use Firebase's FirebaseAuthUserCollisionException to trigger a prompt to the user to link the auth method that they are trying to loggin in with, with that of the existing account?
After the research that I've done, I'm assuming not. However, any suggestions relating to this or similar approaches would be appreciated.

Having problems to access Firebase Overview/Features

I am having problems to access Firebase Page.
I have multi google accounts and they were all connected at same time.
I have the firebase only registered in one of them and everysingle time I try to access firebase the first account that shows up as current is one that I am not registered with and not even logged in anymore.
Then when I change to the right one I can't access the features. The overview is completely different like it was reset or I just created an account. And I can't access anything.
It looks like a problem with multi google account and firebase.
Does anyone have the same? Is there a way to fix it?
I already logged out all my other accounts.

Is it possible to see how many users are authenticated by google, facebook, twitter or anonymous signed-up from Firebase Console?

In realtime database I have exactly 448101 users that authenticated by different providers. Is there any easy way to filter how many users sign-up with facebook, twitter, google or anonymous-login? I believe this feature should be in the analytics section of firebase console.
Thanks
There is no such feature in the Firebase Console at the moment. But it sounds reasonable, so I suggest you file a feature request.
In the meantime: since you say you have the users in the database, you might be able to derive the data from there, or at least start tracking it there.

Meteor: Verifying user's twitter account, without logging in

Meteor can let a user authenticate that she controls a Twitter account without logging in:
Standalone OAuth client use
If you just want to authenticate to an Oauth service like Twitter,
Facebook, or Google without using Accounts – that is, if you don't
want to log the user in, you just want an OAuth token – you can use
the underlying service packages such as twitter, facebook, and google
directly.
But, I haven't been able to find any information on how to do this in the documentations. I tried reading the packages for twitter and oauth, but it seems you have to change the code to make a call to Twitter without creating an account.
There are some solutions to a similar problem, like using Accounts.onCreateUser(function(options, user), where you can hinder external services from making an account on your app. But, I want to let some twitter accounts create a normal account, and others to not be able to create one at all.
I tried adding a custom object to Twitter.requestCredential(options, callback) and to Meteor.loginWithTwitter(options, callback), but neither worked.
Does anyone know how to solve this problem of letting users verify their twitter accounts without creating an account (and without completely stopping people from creating an account with twitter)?

Resources