How do you block users on Firebase?

Question

I'm using Firebase for my app and was wondering how to block certain users. I see on the Auth tab of the console, there are "delete" and "disable" options. What do those do? I haven't been able to find documentation on that. Will one of those allow me to block a user?

What I mean by blocking a user is for the ".read": "auth != null" rule to prevent him from accessing data on the database

Answer 1

The disable feature consist in preventing that user to authenticate. So if he tries to authenticate he will fail with error code INVALID_CREDENTIALS and he won't have access to the data that has the ".read": "auth != null" rule. It works like he is deleted but the admin still have the power to reactivate the user account.

If you want to build a list of "blocked users" that will be able to authenticate but will have restricted access, you can store the blocked ids in a node on your firebase database like /databaseRoot/blockedUsers and then work with the security and rules.

".read": "auth != null && !root.child('blockedUsers').hasChild(auth.uid)"

---

blockedUsers could look like the tree bellow but you could also add some other info under the userId such as the date this user was blocked.

/databaseRoot
    /blockedUsers
       userId1 : true
       userId2 : true

Adding the user to this list will depend on your necessity. You can do it manually by accessing the firebase console and adding the user id to the node. Or, if you want to block an user based on an event on the application, you could simply call something like

ref.child('blockedUsers').child(userIdToBlock).set(true);