Access control on firebase hosting test and staging [duplicate]

Question

I have just deployed a website to Firebase hosting and it works great - setup was super easy.

My question is, however, is there any way I can make accessing the website limited by authentication? It's an admin panel that only my team should be able to access. Is there any way I can password protect or privatize my website hosted on Firebase?

Thanks!

Answer 1

This is not possible at present, though it's been a popular feature request. We have some ideas about how we might tackle something like this, but nothing to announce at this time.

Answer 2

Late to the party, but ran into a similar problem when wanting to create a dashboard available only to users on our domain (but without wanting to manage individual accounts).

Ended up using the standard google auth flow, but restricting data access via DB rules. To see if a user is authorised we attempt to access data directly after login (and before we report back to the user). If it fails on auth grounds our user is an outsider.

Firebase DB Rule:

{
  "rules": {
    ".read": "auth.token.email_verified == true && auth.token.email.matches(/.*@ourdomain.org$/)",
    ".write": false
  }
}

See https://firebase.google.com/docs/reference/security/database/

Note: this was definitely made easier due to our org running our mail through gsuite, however you could easily define more granular rules where this option isn't available.