Menu
I'm using the Firebase email/password authentication. After the user has signed in successfully I query the access token the following way:
FirebaseUser mUser = FirebaseAuth.getInstance().getCurrentUser();
mUser.getIdToken(true)
.addOnCompleteListener(new OnCompleteListener<GetTokenResult>() {
public void onComplete(@NonNull Task<GetTokenResult> task) {
if (task.isSuccessful()) {
String idToken = task.getResult().getToken();
// Send token to your backend via HTTPS
// ...
} else {
// Handle error -> task.getException();
}
}
});
According to the Firebase documentation the access token expires after 1 hour. To handle the case to have always the current access token in my app, I was looking for a solution and I found in the firebase documentation that I have to register a Firebase.IdTokenListener to listen to the
onIdTokenChanged event
My question is: Is the
onIdTokenChanged event
automatically fired if the access token expired?
In case the event is not automatically fired after the access token has expired, what would be the coorect approach to query "manually" for a new/updated Access token with the
"FirebaseAuth.getInstance().getCurrentUser().getIdToken(boolean)"
method?
I know, that If I call the
mUser.getToken(true)
then the mentioned event is fired and the
IdTokenListener
is triggered. But this is not what I'm looking.
619
An ID token is passed down to the client device as a result of the signInWithCustomToken() method. These tokens expire after one hour, but are automatically refreshed by the Firebase SDK using the refresh token (see next numbered bullet).
Firebase ID tokens are short lived and last for an hour; the refresh token can be used to retrieve new ID tokens. Refresh tokens expire only when one of the following occurs: The user is deleted. The user is disabled.
The Firebase Admin SDK has a built-in method for creating custom tokens. At a minimum, you need to provide a uid , which can be any string but should uniquely identify the user or device you are authenticating. These tokens expire after one hour.
onIdTokenChanged is triggered anytime the ID token changes. It won't fire if the ID token is expired. It will fire if a new ID token is refreshed, new user signs in or existing user signs out.
Firebase automatically refreshes if it needs to. For example if you are using real time database or Firestore, they will automatically refresh the token after it expires since they require a persistent connection and an ID token for that. This will cause that listener to trigger.
getIdToken() will cache the unexpired token and if you call it and it detects expiration, it will automatically refresh the ID token which will trigger that listener.
BTW, getToken() is deprecated. You should use getIdToken instead.
61
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
