Menu
I have a profile tab in which a user can press edit and edit their profile. I only want to require their password if I have to. So wanted to know how long is how many milliseconds of a user being signed in makes it not a recent login, in which firebase will throw the error "auth/requires-recent-login" when editing a users account? new Date(Date.parse(firebase.auth().currentUser.metadata.lastSignInTime)).getTime() Will give me an approximation of the last login (in milliseconds within 2000 milliseconds). I just want to know at what time should I ask the user to reauthenticate?
992
Firebase ID tokens are short lived and last for an hour; the refresh token can be used to retrieve new ID tokens. Refresh tokens expire only when one of the following occurs: The user is deleted. The user is disabled.
By default, a session ends (times out) after 30 minutes of user inactivity. There is no limit to how long a session can last.
You can easily detect if the user is logged or not by executing: var user = firebase. auth().
Firebase Authentication sign-ins are permanent There is no specific time-out on the authentication of a user, so you should not ask them to re-authenticate based on the expired time.
The only you should ask the user to re-authenticate is when you perform an action in the code that requires recent authentication and it fails with a auth/requires-recent-login error code.
For example, this is how FirebaseUI detects the error upon user deletion:
firebase.auth().currentUser.delete().catch(function(error) { if (error.code == 'auth/requires-recent-login') { // The user's credential is too old. She needs to sign in again.
181
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
