Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Firebase authentication duration is too persistent

Bit of context, I am trying to use Firebase for both authentication and data storage. Since my application deals with potentially sensitive data, the confidentiality features offered by Firebase (all Firebase communication is done via HTTPS according to their blog) seems like a great way to keep my data secured. In fact, the only problem I have with Firebase is that authentication last far longer than it should. As far as I can tell, it lasts through device resets, application rebuilds and loss of connection. Even worse, I have no idea how long it persists for. I've tried searching online but I can't find the information anywhere. As far as I can tell, it lasts around a day, but that's just a guess. I am using email and password as credentials for my sign in.

My question has two parts, does anyone know the default duration of Firebase authentication and does anyone know how to shorten it? Otherwise are there any other services that are similar to Firebase where you can set the authentication duration?

If I could shorten the duration to 4 hours Firebase would literally be perfect, other wise I might have to implement my own authentication, since authentication that last's for as long as Firebase is far too insecure.

like image 639
Alex Avatar asked Jun 19 '16 12:06

Alex


People also ask

How long does Firebase auth session last?

By default, a session ends (times out) after 30 minutes of user inactivity. There is no limit to how long a session can last.

Is Firebase persistent?

Note that Firebase Auth web sessions are single host origin and will be persisted for a single domain only. Indicates that the state will only persist in the current session or tab, and will be cleared when the tab or window in which the user authenticated is closed.

Is Firebase Auth slow?

Because it IS slow and for this reason you should avoid using it. Build your own authentication, like I did and you'll discover how significantly faster it is.


1 Answers

Firebase Authentication (for 3.x or higher SDKs) uses two types of tokens:

  1. A token that identifies the user. This token is created when the users signs in with the app and does not expire. To get rid of this token, sign out the user.

  2. A token that allows the user to access the Firebase back-end. This token is based on the previous token, is valid for an hour, and is automatically created and refreshed by the Firebase SDKs.

like image 102
Frank van Puffelen Avatar answered Oct 13 '22 08:10

Frank van Puffelen