How to authenticate escaped email-based user accounts in Firebase?

Question

I am using email/password auth option of Firebase Simple Login.
I store my users' data with escaped emails as keys, where '.' characters have been replaced with ',' (as Firebase doesn't allow storing '.'s in keys) rather than using user ids as keys. The problem is that in security rules I cannot use regex to authenticate escaped emails against the auth.email variable. So I cannot do the following:

users: {
  $user: {
    ".read":  "auth.email == $user",
    ".write": "auth.email == $user"
  }
}

because each $user looks like 'some,one@domain,co,uk' while the auth.email is 'some.one@domain.co.uk'.
Is there a way around this problem? Do I need to store the user id inside each $user to make user-wise authentication possible? In this case I guess it would be easier to simply store user data in id-based nodes rather than escaped emails.

Answer 1

Update:

If you're using Firebase Simple Login email / password authentication, it is recommended that you key users based upon the uid field, which will not change and is unique across all users of your Firebase, whether they are authenticating via email / password, Facebook, Google, etc.

Prior versions of Firebase authentication (i.e. Firebase Simple Login) put an email address in the security rules auth variable, but this was removed because (1) not all users will have email addresses, (2) users may have multiple email addresses, and (3) email addresses can change. As a result, they're not ideal for indexes in Firebase.

---

Original Answer:

However, if you'd rather key your data based upon e-mail address, you can use the .replace() method in security rules to simply replace the periods with commas directly in your security rules. For example:

".read": "root.child('users').child(auth.email.replace('.', ',')).exists()"

See https://www.firebase.com/docs/security/string/replace.html for more details.