Firebase Authentication with whitelisted email addresses

Question

Assuming a teacher/student scenario what would be a good way to handle \'email invitations\'?

Using a CSV upload I would like to create users or a whitelist of emails th

Answer 1

What I'd recommend is to separate the auth from the access by using Custom Claims. Allow any one to create a user, but attach a Cloud Function to the user create event. If the user matches one on the white list, set a custom user claim (this just launched recently!)

Finally, in your rules, check for that use property before giving access to the data:

{
  "rules": {
    "adminContent": {
      ".read": "auth.token.admin === true",
      ".write": "auth.token.admin === true",
    }
  }
}