Limit logins via Github organizations in Firebase

Question

I am working on an application using Firebase as the backend. I have a working implementation of GitHub authentication using Firebase. However, I want to limit my complete application (all read/write operations) to people in a specific GitHub organization.

From what I gather, it is to be done via adding Security Rules in Forge. However, the organization of a user is not part of the "basic auth data" that GitHub provides to Firebase for use. Is there any way for me to make the app available to members of a particular organization only?

Current Code:

var FB = new Firebase('https://XXXXX.firebaseio.com');
var auth = new FirebaseSimpleLogin(FB, function(error, user){
  if(user==null){
    auth.login('github',{rememberMe:true});
  }
  else{
    //We are logged in
    $.getJSON("https://api.github.com/user/orgs?access_token="+user.accessToken+"&callback=?", function(data){
      var orgs = data.data.map(function(org){return org.login});
      if(orgs.indexOf(config.github_org)>-1){
        //Public Member of Chosen Github Org
        //Now we fetch the data and render it
      }
      else{
        //Throw them out
        alert("Join the group "+config.github_org+" on GitHub to get access to Eon");
        document.location="https://github.com/"+config.github_org;
      }
    })
  }
});

Answer 1

To use FB Security Rules you'll need to compare the auth data with something in the Firebase (like a list of organizations), but it looks like you are trying to get those on the fly every time. Instead I'd recommend keeping a collection of users in your Firebase organized by their auth.uid that have organization lists you can check against:

users
  uid1
  ...
  uidX
    orgs
      org1
      ...
      orgX

So when a user tries to access a given orgX you can check to see if root.child('users').child(auth.uid).child('orgs/orgX') exists in your Security Rules.