A variety of options are possible. My approach would be to use firebase authentication. First, in firebase create a list of emails you want to be able to use your app. In the app, allow anyone to sign up and sign in.
In the sign in block, if they successfully authenticate, check the firebase white list. If the sign in email is not in the list, sign them out of firebase and redirect the app to a screen explaining the app is private.