Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to list all active firebase ci tokens, or revoke them all

Tags:

firebase

firebase-tools

I realize you can create a firebase token by using

firebase login:ci

You can revoke an individual token by doing

firebase logout --token <token>

But how do you either a) revoke all of them, or b) list all the active tokens?

I want to make sure there aren't leftover tokens that are still active on a project.

like image 562
Qiming Avatar asked Jun 27 '16 17:06

Qiming

People also ask

Where are Firebase tokens stored?

Token can be found in firebaseLocalStorageDB.

How do I know if my Firebase token is expired?

Because Firebase ID tokens are stateless JWTs, you can determine a token has been revoked only by requesting the token's status from the Firebase Authentication backend. For this reason, performing this check on your server is an expensive operation, requiring an extra network round trip.

How do you refresh a Firebase token?

You must set the header Content-Type: application/json or you will get errors (e.g. "MISSING_GRANT_TYPE"). Show activity on this post. Trade the refresh-token for an access-token (using google's public api) Trade the access-token for a custom-token (using a firebase-function, see below)

2 Answers

These tokens are Google OAuth2 refresh tokens (see bullet 4 in Google Identity Platform). Their number is limited (i guess it is 25 ).

The easiest way to explicitly revoke a token is to use firebase logout --token <token> as you mentioned. I do not know of an API for listing outstanding refresh tokens, I'm not sure it exists.

But I do know that clicking 'Remove' on the Firebase CLI entry here: https://myaccount.google.com/permissions will revoke the active tokens.

Logging back in will prompt you for permissions again and if you grant them your new token will be the only valid one.

So, It's better to remove permission from your App permissions, so no leftover tokens are there on your project.

like image 94
Ravi Shankar Bharti Avatar answered Sep 28 '22 06:09

Ravi Shankar Bharti

You should test this before I'd be certain it works, but you can likely go to Apps connected to your account for your Google account and revoke access to the Firebase CLI app. This should immediately revoke any outstanding tokens, and you can then run firebase login again to re-authenticate yourself.

like image 21
Michael Bleigh Avatar answered Sep 28 '22 05:09

Michael Bleigh
Sign in to Comment

Related questions

Can I store image files in firebase using Java API
How deal with Firebase offline mode and data push?
Unable to get URI from storage reference on Firebase
not receiving firebase notification from console
Firebase deploy, ignore all files but public folder
Xcode 8 ios 10 Simulator , is it possible to send push notification to the simulator
Angular 2 subscribe from component or service?
FCM + Swift 3 - Notifications not appearing
RemoteMessage.GetNotification() returns null when request is not from Firebase Console?
Unsubscribe from a topic in FCM Web
FIrebase Phone Authentication supported countries?
How to handle FirebaseAuthUserCollisionException
how to watch firebase traffic from desktop chrome inspector
firestore snapshotlistener costs
firestore cloud functions onCreate/onDelete sometimes immediately triggered twice
No firebase.app.App instance is currently initialized. Angular 6 sign in with phone error
How to make funnels on `screen_view` Firebase event
How to redirect to login page for restricted pages in next.js?
Firestore get subcollection parent document ID - JavaScript
Firebase authentication in Chrome Extension popup

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!