I used Firebase Quickstarts for Android Auth sample, Then I created a user in firebase dashboard to login the user with email and password, the user logged in successfully. But when I deleted the user, it still logged in and showing the old user's email from (user.getEmail())
// [START auth_state_listener]
mAuthListener = new FirebaseAuth.AuthStateListener() {
@Override
public void onAuthStateChanged(@NonNull FirebaseAuth firebaseAuth) {
FirebaseUser user = firebaseAuth.getCurrentUser();
if (user != null) {
// User is signed in
Log.d(TAG, "onAuthStateChanged:signed_in:" + user.getEmail());
} else {
// User is signed out
Log.d(TAG, "onAuthStateChanged:signed_out");
}
// [START_EXCLUDE]
updateUI(user);
// [END_EXCLUDE]
}
};
// [END auth_state_listener]
No users in my firebase dashboard and the AuthStateListener indecate that the user is signed in.
how could that be possible ?
The recommended way to get the current user is by setting an observer on the Auth object: firebase.auth ().onAuthStateChanged (function (user) { if (user) { // User is signed in. } else { // No user is signed in. } }); By using an observer, you ensure that the Auth object isn't in an intermediate state—such as initialization—when you get ...
After you use createUserWithEmailAndPassword in this example, your current user will be given a random UID, this random UID will be permanent for each login that user does inside your app. This same process is for all different auth providers that firebase support.
This means that the SDK is not going to block the main thread of execution in order to deliver data — the object containing the currently signed in user is no exception. In fact, the Firebase Auth SDK requires at least one, and possibly two steps, to take in order to deliver a valid current user object:
Here’s some Kotlin you can use to build a LiveData that exposes Firebase Auth user state: This code creates an extension function on FirebaseAuth that lets you build a new LiveData that emits a sealed class with the three possible states. This LiveData could be a singleton in your app that any component can use to track user state.
Deleting an account does not automatically expire the current session(s) for that account. Their current sessions will remain valid until they expire. You can set the session expiration interval in your Firebase Dashboard.
If you want to force the user to be logged out, call ref.unauth()
.
When a user updates their email, password or resets their password. Firebase Auth backend revokes their tokens requiring that they reauthenticate or try to sign in again. This is a security feature. For example a user may reset their password if their account was compromised. All other sessions must reauthenticate.
If you keep the user profiles in your database, you can check whether that record still exists in your security rules: root.child('users').child(auth.uid).exists()
.
Also see:
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With