Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

(Firebase) Firestore security rules - allow if email verified without custom tokens?

Is there a way to check if the request user email is verified in the Firestore security rules?

something like:

function isEmailVerified() {
  return request.auth.emailVerified == true;
}
like image 351
MTK90 Avatar asked May 07 '18 23:05

MTK90


1 Answers

The correct syntax is:

request.auth.token.email_verified

If you want to know all claims available in your token, you can decode the JWT in your app or through jwt.io.

Some relevant documentation:

  • https://firebase.google.com/docs/reference/rules/rules.firestore.Request#auth
  • https://firebase.google.com/docs/reference/security/database/#authtoken (for a list of the claims in there by default)
like image 143
Frank van Puffelen Avatar answered Sep 30 '22 19:09

Frank van Puffelen