Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to invalidate 'expired' Firebase Instance ID Token

AFAIK, the Firebase Instance Token will be refreshed under the following 4 conditions:

  1. App deletes Instance ID

  2. App is restored on a new device

  3. User uninstalls/reinstall the app

  4. User clears app data

Suppose a user is using Token A as his 'FCM address'. Every time when he logs in the app, he will register the Token A to the Firestore along with this user's UUID so user-specific cloud message can be sent to him. When he logs out, the system will fire a request to firestore for removing the token A record.

Now, when the user reinstalls the app, the instance id is refreshed and a new Token B is generated. The Token A becomes useless. Unfortunately, if the user does not log out before the uninstallation, token A will stay in the firestore forever.

Any workaround or wiser way to handle this case?

like image 961
jackycflau Avatar asked Jul 09 '18 04:07

jackycflau


People also ask

What happens when Firebase token expires?

Firebase ID tokens are short lived and last for an hour; the refresh token can be used to retrieve new ID tokens. Refresh tokens expire only when one of the following occurs: The user is deleted. The user is disabled.

How long FCM Token expired?

It doesn't expire though. It renews itself if one of the following happens. According to https://firebase.google.com/docs/cloud-messaging/android/client: -The app deletes Instance ID.

Can you change Firebase tokens?

To be specific,The registration token may change when: The app deletes Instance ID. The app is restored on a new device. The user uninstall/reinstall the app.


1 Answers

Keeping your token registry up to date requires two steps:

  1. Remove outdated tokens from your application code.
  2. Check for outdated tokens and remove them when you send messages.

Your approach of removing a token that is no longer used, is #1.

The second step though is to remove tokens from your registry/database when you get a messaging/invalid-registration-token or messaging/registration-token-not-registered response when trying to send a message to it. The functions-samples repo contains a great example of this:

admin.messaging().sendToDevice(tokens, payload).then((response) => {
  // For each message check if there was an error.
  const tokensToRemove = [];
  response.results.forEach((result, index) => {
    const error = result.error;
    if (error) {
      console.error('Failure sending notification to', tokens[index], error);
      // Cleanup the tokens who are not registered anymore.
      if (error.code === 'messaging/invalid-registration-token' ||
          error.code === 'messaging/registration-token-not-registered') {
        // TODO: remove the token from your registry/database
      }
    }
  });
});

The above code uses the Firebase Admin SDK for Node.js, but the same logic could also be applied to other platforms or when sending messages through the HTTPS endpoints.

like image 157
Frank van Puffelen Avatar answered Sep 19 '22 19:09

Frank van Puffelen