Limit Firebase Google OAuth Authentication to specific users

These rules will allow anybody to login, but only the listed email addresses to read or write data:

{
  "rules": {
    ".read":  "auth.email == '[email protected]' || 
               auth.email == '[email protected]' || 
               auth.email == '[email protected]'",

    ".write": "auth.email == '[email protected]' || 
               auth.email == '[email protected]' || 
               auth.email == '[email protected]'"
  }
}

Firebase's authentication handles only that: the authentication of users through any of the mechanisms you enable. Whether those users have access to your data is called authorization and it is handled through the security rules of your Firebase.

So:

  • Authentication allows the user to identify him/herself with your application. See Firebase's documentation on authentication (for JavaScript/Web, but it exists for all supported platforms).
  • Authorization limits read/write access to your data to specific users, based on their authentication. See Firebase's documentation on its security rules.

Limiting access to your data to specific email addresses is certainly possible. I recommend that you read Firebase's documentation on the its security rules and try to make it work based on that. If you have any problems, post what you've tried and we'll be able to help you better.