Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is the firebase access token refreshed automatically?

I'm using the Firebase email/password authentication. After the user has signed in successfully I query the access token the following way:

FirebaseUser mUser = FirebaseAuth.getInstance().getCurrentUser();
mUser.getIdToken(true)
    .addOnCompleteListener(new OnCompleteListener<GetTokenResult>() {
    public void onComplete(@NonNull Task<GetTokenResult> task) {
        if (task.isSuccessful()) {
            String idToken = task.getResult().getToken();
            // Send token to your backend via HTTPS
            // ...
        } else {
            // Handle error -> task.getException();
        }
    }
});

According to the Firebase documentation the access token expires after 1 hour. To handle the case to have always the current access token in my app, I was looking for a solution and I found in the firebase documentation that I have to register a Firebase.IdTokenListener to listen to the

onIdTokenChanged event

My question is: Is the

onIdTokenChanged event

automatically fired if the access token expired?

In case the event is not automatically fired after the access token has expired, what would be the coorect approach to query "manually" for a new/updated Access token with the

"FirebaseAuth.getInstance().getCurrentUser().getIdToken(boolean)"

method?

I know, that If I call the

mUser.getToken(true)

then the mentioned event is fired and the

IdTokenListener

is triggered. But this is not what I'm looking.

like image 619
Degoah Avatar asked Apr 04 '18 16:04

Degoah


People also ask

Does firebase automatically refresh token?

An ID token is passed down to the client device as a result of the signInWithCustomToken() method. These tokens expire after one hour, but are automatically refreshed by the Firebase SDK using the refresh token (see next numbered bullet).

Does firebase refresh token expire?

Firebase ID tokens are short lived and last for an hour; the refresh token can be used to retrieve new ID tokens. Refresh tokens expire only when one of the following occurs: The user is deleted. The user is disabled.

How long does a firebase token last?

The Firebase Admin SDK has a built-in method for creating custom tokens. At a minimum, you need to provide a uid , which can be any string but should uniquely identify the user or device you are authenticating. These tokens expire after one hour.


1 Answers

onIdTokenChanged is triggered anytime the ID token changes. It won't fire if the ID token is expired. It will fire if a new ID token is refreshed, new user signs in or existing user signs out.

Firebase automatically refreshes if it needs to. For example if you are using real time database or Firestore, they will automatically refresh the token after it expires since they require a persistent connection and an ID token for that. This will cause that listener to trigger.

getIdToken() will cache the unexpired token and if you call it and it detects expiration, it will automatically refresh the ID token which will trigger that listener.

BTW, getToken() is deprecated. You should use getIdToken instead.

like image 61
bojeil Avatar answered Oct 04 '22 21:10

bojeil