Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Get id token on Android app and verify it on backend server (How to use id token?)

Tags:

android

firebase

firebase-authentication

I'm developing an Android app that consumes data from my own REST API server. I want to use Firebase authentication because it allows the user to login using Google, Facebook, Twitter... in a very simple way.

But I'm not sure how to use ID tokens:

  • Because ID tokens have expiration date, should I call getToken method on every request in the client app, so I'm sure I'm sending a valid token every time?
  • Should I call verifyIdToken in the server each time I receive a request from the client app?

I don't know what these methods (getToken and verifyIdToken) do under the hood, and because they are asynchronous, I fear they are doing a request to Firebase servers on every call. So I think that making 2 request to Firebase servers in each of my requests is not the way to go...

like image 633
Sergio Viudes Avatar asked Jan 11 '17 18:01

Sergio Viudes

People also ask

How do I use an ID token?

To sign in or sign up a user with an ID token, send the token to your app's backend. On the backend, verify the token using either a Google API client library or a general-purpose JWT library. If the user hasn't signed in to your app with this Google Account before, create a new account.

How do I verify my Google ID token?

After you receive the ID token by HTTPS POST, you must verify the integrity of the token. To verify that the token is valid, ensure that the following criteria are satisfied: The ID token is properly signed by Google. Use Google's public keys (available in JWK or PEM format) to verify the token's signature.

How can I get token from ID?

To get an ID token, you need to request them when authenticating users. Auth0 makes it easy for your app to authenticate users using: Quickstarts: The easiest way to implement authentication, which can show you how to use Universal Login, the Lock widget, and Auth0's language and framework-specific SDKs.

1 Answers

Both getToken() and VerifyIdToken() are designed to be called for every outgoing/incoming request.

1) Although getToken() is asynchronous, the Firebase Android SDK actually caches the current Firebase user token in local storage. So long as the cached token is still valid (i.e. within one hour since issued), getToken() returns the token immediately. Only when the cached token expires does the SDK fetch a new token from remote Firebase server.

2) VerifyIdToken() is also optimized for performance. It caches the Firebase token public cert (valid for 6 hours) which is used to validate the token signature on local machine. No RPC is involved except for downloading the public cert.

like image 133
Jin Liu Avatar answered Sep 18 '22 17:09

Jin Liu
Sign in to Comment

Related questions

Default inputType of EditText in android
Animators may only be run on Looper threads on Sherlock Action Bar
How to prevent android app from crashing due to exception in background thread?
OnMessageReceived not called in WearableListenerService
Compatible version of Android JobScheduler - alternative [closed]
How to prevent ScrollView from intercepting click/touch events of the view behind it?
Sane way to go from ArrayList<Long> through an Intent
What do these numbers in Android logcat mean?
Method invocation may produce java NullpointerException
How can I determine the version of Google Play services?
Is there any way to debug apps over Wi-Fi or bluetooth? [Please note that the device is not connected via USB]
manually installing update patches of android studio on win os
Change TextInputLayout accent color programmatically
Throwable: Failed to create the SD card
map.setmylocationenabled(true) not working
How to check if apk is zip aligned?
Tutorial first time you enter into an app?
Unable to list target platforms. Please make sure the android sdk path is correct
How does one upgrade to Android SDK 25.1.3?
Could not find method android() for arguments org.gradle.api.Project

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!