Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Firebase authentication duration is too persistent

Tags:

firebase

firebase-authentication

Bit of context, I am trying to use Firebase for both authentication and data storage. Since my application deals with potentially sensitive data, the confidentiality features offered by Firebase (all Firebase communication is done via HTTPS according to their blog) seems like a great way to keep my data secured. In fact, the only problem I have with Firebase is that authentication last far longer than it should. As far as I can tell, it lasts through device resets, application rebuilds and loss of connection. Even worse, I have no idea how long it persists for. I've tried searching online but I can't find the information anywhere. As far as I can tell, it lasts around a day, but that's just a guess. I am using email and password as credentials for my sign in.

My question has two parts, does anyone know the default duration of Firebase authentication and does anyone know how to shorten it? Otherwise are there any other services that are similar to Firebase where you can set the authentication duration?

If I could shorten the duration to 4 hours Firebase would literally be perfect, other wise I might have to implement my own authentication, since authentication that last's for as long as Firebase is far too insecure.

like image 639
Alex Avatar asked Jun 19 '16 12:06

Alex

People also ask

How long does Firebase auth session last?

By default, a session ends (times out) after 30 minutes of user inactivity. There is no limit to how long a session can last.

Is Firebase persistent?

Note that Firebase Auth web sessions are single host origin and will be persisted for a single domain only. Indicates that the state will only persist in the current session or tab, and will be cleared when the tab or window in which the user authenticated is closed.

Is Firebase Auth slow?

Because it IS slow and for this reason you should avoid using it. Build your own authentication, like I did and you'll discover how significantly faster it is.

1 Answers

Firebase Authentication (for 3.x or higher SDKs) uses two types of tokens:

  1. A token that identifies the user. This token is created when the users signs in with the app and does not expire. To get rid of this token, sign out the user.

  2. A token that allows the user to access the Firebase back-end. This token is based on the previous token, is valid for an hour, and is automatically created and refreshed by the Firebase SDKs.

like image 102
Frank van Puffelen Avatar answered Oct 13 '22 08:10

Frank van Puffelen
Sign in to Comment

Related questions

Angular Universal Firebase: no provider for InjectionToken MODULE_MAP
Firestore what happens when an offline device goes online?
Firestore moving to timestamps in Firebase functions
Flutter Admob AppID use Android or iOS?
Firestore Security rules without Authentification
Firebase User Profile Add Custom Fields
Flutter:How can we use Firebase database with desktop application
Firebase console show this while choose Crashlytics with iOS "We'll be listening for your app to communicate with our servers"
Firebase: Uncaught TypeError: Firebase is not a constructor
How to use Firebase with Ruby on Rails?
How to set log level for Firestore?
Firestore REST API: Query parameters type of object
How can I retrieve data from Firebase to my adapter
How to decrypt Firebase requests to app-measurement.com
Problems with Firebase and SwiftUI Live Previews
Firebase multilingual Password Reset Email
Can Swift return value from an async Void-returning block?
Can't download GoogleService-Info.plist file
How to implement firebase cloud messaging in server side?
Adding custom hosting domain: "Unexpected TXT records found. Continuing to watch for changes."

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!