Can you only allow users with a specific email address to sign up and use your app

Question

I currently have user authentication in my app using firebase and swift 3. Is there a way to only let users with a certain email address to sign up to use my app?

Answer 1

You can do the following client and backend checks to enforce this:

1. On the client side, you can block sign-in when an invalid email domain is provided. If you are using some federated sign in with Google or Facebook, etc, you can on return check the currentUser.email and currentUser.delete the user if the email doesn't match your domain. Google also provides an 'hd' parameter to specify the user domain if you are using GSuite.
2. You can use Firebase Functions onCreate event to delete a user quickly every time one is created with an invalid email domain.
3. If you are using database rules, you can block access if the email doesn't match: ".read": "auth != null && auth.uid == $uid" && auth.token.email.matches(/.*@mydomain.com$/)
4. If you are using your own backend, when getting the ID token of a user, validate it, then get the email and make sure it matches your domain, if not, you can delete the user. The Firebase Admin SDKs provide the ability to verify an ID token and delete a user by UID.