Android - Do Firebase User Auth Tokens Expire?

Question

I decided to use Volley and go the RESTful route with Firebase since their listeners seem to hang when there's no internet connection. At least with Volley, it lets me know if a network request was not successful due to internet connection or not.

I need to know whether FirebaseUser auth tokens expire or not. In my app, I only allow Google and Facebook authentication, and I use the following code assuming that Firebase user auth token DO NOT expire:

private String authToken;

// Callbacks

public interface ApiCallbacks {
    public void onSuccess(JSONObject response);
    public void onError(String errorString);
}

private interface AuthTokenCallbacks {
    public void onAuthTokenSuccess();
    public void onAuthTokenError(String errorString);
}

// Request Helpers

private void getAuthToken(final AuthTokenCallbacks callbacks) {
    // Lazy instantiation
    if (authToken == null) {
        FirebaseUser user = FirebaseAuth.getInstance().getCurrentUser();
        if (user == null) {
            callbacks.onAuthTokenError("Please log in");
        } else {
            user.getToken(false).addOnCompleteListener(new OnCompleteListener<GetTokenResult>() {
                @Override
                public void onComplete(@NonNull Task<GetTokenResult> task) {
                    if (task.isSuccessful()) {
                        authToken = task.getResult().getToken();
                        callbacks.onAuthTokenSuccess();
                    } else {
                        callbacks.onAuthTokenError("Please log in");
                    }
                }
            });
        }
    } else {
        callbacks.onAuthTokenSuccess();
    }
}

public void sendGetRequestTo(final String endpoint, final HashMap<String, String> arguments, final RequestQueue requestQueue, final String tag, final ApiCallbacks callbacks) {
    // Only execute get request if we have an auth token
    getAuthToken(new AuthTokenCallbacks() {
        @Override
        public void onAuthTokenSuccess() {
            final String requestUrl = getRequestUrlString(endpoint, arguments);
            JsonObjectRequest request = new JsonObjectRequest(Request.Method.GET, requestUrl, null, new Response.Listener<JSONObject>() {
                @Override
                public void onResponse(JSONObject response) {
                    callbacks.onSuccess(response);
                }
            }, new Response.ErrorListener() {
                @Override
                public void onErrorResponse(VolleyError error) {
                    callbacks.onError(error.toString());
                }
            });
            request.setTag(tag);
            requestQueue.add(request);
        }

        @Override
        public void onAuthTokenError(String errorString) {
            callbacks.onError("Please log in");
        }
    });
}

Is this the correct way of doing it? I just need to know if I'm going in the right direction because I don't want future problems with my auth tokens expiring (if they do).

EDIT

I forgot to mention that my final String requestUrl = getRequestUrlString(endpoint, arguments); method basically constructs the url request string with auth=authTokenString appended at the end of my url.

Answer 1

Yes, they do expire (you can check out the expiration date at jwt.io). If you don't force a refresh (i.e. user.getToken(false)), the returned token will be updated only if it has expired. If you pass true to getToken(...), a new token will be created which also involves the linked providers' token validation on the firebase servers (e.g. validating against Facebook whether the user still has his/her account linked). Note that the latter counts towards your daily token service quotas, so make sure you use it only when it's necessary.