1

I found out that it is possible to create a new user in Firebase using the JS SDK without any user being logged in using the method createUserWithEmailAndPassword. For consumer apps i can image this is a great feature so that a "new customer" can create an account. However, for the b2b world this ain't such a great feature and in my case we actually wan't to disable this.

Is there any configuration possible in Firebase or GCP that disallows any random person in the world to create an account in my environment?

Thanks!

Bas van den Heuvel
  • 13
  • 2

2 Answers2

0

If you want to disallow the creation of new accounts entirely, then you probably don't want the normal Firebase Auth standard email/password auth at all (which does not have the ability to disable new accounts created by an end user). You probably want to use custom authentication, and control precisely how signups occur with your own backend. You can control everything that happens on your own backend, of course. The downside is that you have to control everything on your backend!

Doug Stevenson
  • 297,357
  • 32
  • 422
  • 441
0

You can't disable account creation but you can make your system only work with account you created with custom claims. You can make a cloud function to add a specific claim to your accounts, then delete that function. Now, with security rules like

allow read, write: if request.auth.token.yourClaim == true;

effectively, any account created without the claim can't do anything in your system. I think this is easier than implementing your own authentication scheme

ThienLD
  • 741
  • 4
  • 14