1

I have a free version and a paid version on the Play Store. Both have Firebase authentication. How do I make sure that no email account can log in except the account that purchased?

Frank van Puffelen
Rajesh Wolf

1 Answer

2

Consider using custom user claims and then enforcing access via Firebase rules or checking the presence of the custom claims in the ID token if you are parsing it in your own server: https://firebase.google.com/docs/auth/admin/custom-claims

After a user signs in and completes their purchase, you can send the purchase credentials to your backend to process it along with the user's ID token. If both are verified, you set the custom claim for that user:

admin.auth().setCustomUserClaims(uid, {paidSubscriber: true}).then(() => {...

You then force the client to refresh their token to get the latest claims: currentUser.getIdToken(true)...

Now every request can check whether the user is authorized by checking the ID token.

{
  "rules": {
    "paidContent": {
      ".read": "auth.token.paidSubscriber === true",
      ".write": "auth.token.paidSubscriber === true"
    }
  }
}
bojeil
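The backend step described in the answer above, as an added example that is not part of the original answer or Firebase's own code: it verifies the ID token and the purchase, binds each purchase to a single account, and merges `paidSubscriber` into any existing claims. `auth` stands for the object returned by `admin.auth()`; `verifyPurchase`, `ledger`, `decideGrant`, `grantPaidClaim` and `fakeAuth` are hypothetical names, and the one-purchase-one-account policy is an assumption.

```javascript
// Added example. `auth` is the object returned by admin.auth() (firebase-admin).
// Assumptions: `verifyPurchase` is a hypothetical Play purchase validator and
// `ledger` a hypothetical persistent orderId -> uid store (a Map here).

// Pure decision step: may this verified user claim this verified purchase?
function decideGrant(decoded, purchase, ledger) {
  if (!decoded || !decoded.uid) throw new Error('invalid ID token');
  if (!purchase || !purchase.valid || !purchase.orderId) {
    throw new Error('purchase not verified');
  }
  const owner = ledger.get(purchase.orderId);
  // One purchase unlocks exactly one Firebase account.
  if (owner !== undefined && owner !== decoded.uid) {
    throw new Error('purchase already bound to another account');
  }
  return decoded.uid;
}

async function grantPaidClaim({ auth, verifyPurchase, ledger }, idToken, purchaseToken) {
  // Identity comes from the verified token, never from a uid the client sends.
  const decoded = await auth.verifyIdToken(idToken);
  const purchase = await verifyPurchase(purchaseToken);
  const uid = decideGrant(decoded, purchase, ledger);
  ledger.set(purchase.orderId, uid);
  // setCustomUserClaims replaces the whole claims object, so merge first.
  const user = await auth.getUser(uid);
  const claims = { ...(user.customClaims || {}), paidSubscriber: true };
  await auth.setCustomUserClaims(uid, claims);
  return claims;
}

// Constructed in-memory stand-in for admin.auth() so the flow runs offline.
// In this fake, the "ID token" string is simply the uid.
function fakeAuth(users) {
  return {
    verifyIdToken: async (token) => {
      if (!users[token]) throw new Error('invalid ID token');
      return { uid: token };
    },
    getUser: async (uid) => ({ uid, customClaims: users[uid].claims }),
    setCustomUserClaims: async (uid, claims) => { users[uid].claims = claims; },
  };
}
```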