Delete a specific user from Firebase

Updated: 2023-12-01 23:12:34

When using the client-side SDKs for Firebase Authentication, you can only delete the user account that is currently signed in. Anything else would be a huge security risk, as it would allow users of your app to delete each other's account.

The Admin SDKs for Firebase Authentication are designed to be used in a trusted environment, such as your development machine, a server that you control, or Cloud Functions. Because they run in a trusted environment, they can perform certain operations that the client-side SDKs can't perform, such as deleting user accounts by simply knowing their UID.

See also:

Another common approach is to keep a whitelist/blacklist in, for example, the Firebase Database and authorize users based on that. See How to disable Signup in Firebase 3.x
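
One way to put the Admin SDK point above behind an authorization check on a server you control, as an added example that is not part of the original answer. The names `deleteUserAsAdmin`, `NotAuthorized` and `makeFakeAuth`, the `admin` custom claim and the sample tokens are assumptions of this example; `verifyIdToken` and `deleteUser` are the Admin SDK Auth methods.

```javascript
// `auth` is the Admin SDK Auth instance (for example getAuth() from
// "firebase-admin/auth"), injected so the policy runs offline against a fake.
class NotAuthorized extends Error {}

async function deleteUserAsAdmin(auth, callerIdToken, targetUid) {
  if (typeof targetUid !== "string" || targetUid.length === 0) {
    throw new TypeError("targetUid must be a non-empty string");
  }
  // Identity comes only from the verified ID token, never from a UID or role
  // in the request body. checkRevoked=true also rejects revoked sessions.
  const caller = await auth.verifyIdToken(callerIdToken, true);

  const isSelf = caller.uid === targetUid;
  // Custom claims appear as top-level fields; the claim name `admin` is an
  // assumption of this example, set elsewhere with setCustomUserClaims.
  const isAdmin = caller.admin === true;
  if (!isSelf && !isAdmin) {
    throw new NotAuthorized(`uid ${caller.uid} may not delete ${targetUid}`);
  }
  await auth.deleteUser(targetUid);
  return { deleted: targetUid, by: caller.uid };
}

// Constructed stand-in for the Admin SDK Auth object (sample data, not real).
function makeFakeAuth(tokens, users) {
  return {
    async verifyIdToken(token) {
      const known = Object.prototype.hasOwnProperty.call(tokens, token);
      if (!known) throw new Error("invalid ID token");
      return tokens[token];
    },
    async deleteUser(uid) {
      if (!users.delete(uid)) throw new Error("user not found");
    },
  };
}

async function demo() {
  const users = new Set(["alice", "bob", "carol"]);
  const tokens = { "tok-alice": { uid: "alice" }, "tok-root": { uid: "root", admin: true } };
  const auth = makeFakeAuth(tokens, users);
  const outcome = (p) => p.then(() => "deleted", (e) => e.constructor.name);
  const results = [
    await outcome(deleteUserAsAdmin(auth, "tok-root", "bob")),    // admin
    await outcome(deleteUserAsAdmin(auth, "tok-alice", "carol")), // other user
    await outcome(deleteUserAsAdmin(auth, "tok-alice", "alice")), // self
  ];
  return { results, remaining: [...users] };
}
```

In a real deployment the function would sit behind an HTTPS endpoint or callable Cloud Function, with the ID token taken from the request's authorization header.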