Geek Answers Handbook

Android - Have a Firehase Auth Tokens Expire user?

I decided to use Volley and go the RESTful route with Firebase , as their listeners seem to hang when there is no internet connection. At least with Volley, it lets me know if the network request was not successful due to an Internet connection or not.

I need to know if the token t2> auth expires or not. In my application, I only allow Google and Facebook authentication, and I use the following code, assuming that the Firebase user authentication token does NOT expire:

 private String authToken; // Callbacks public interface ApiCallbacks { public void onSuccess(JSONObject response); public void onError(String errorString); } private interface AuthTokenCallbacks { public void onAuthTokenSuccess(); public void onAuthTokenError(String errorString); } // Request Helpers private void getAuthToken(final AuthTokenCallbacks callbacks) { // Lazy instantiation if (authToken == null) { FirebaseUser user = FirebaseAuth.getInstance().getCurrentUser(); if (user == null) { callbacks.onAuthTokenError("Please log in"); } else { user.getToken(false).addOnCompleteListener(new OnCompleteListener<GetTokenResult>() { @Override public void onComplete(@NonNull Task<GetTokenResult> task) { if (task.isSuccessful()) { authToken = task.getResult().getToken(); callbacks.onAuthTokenSuccess(); } else { callbacks.onAuthTokenError("Please log in"); } } }); } } else { callbacks.onAuthTokenSuccess(); } } public void sendGetRequestTo(final String endpoint, final HashMap<String, String> arguments, final RequestQueue requestQueue, final String tag, final ApiCallbacks callbacks) { // Only execute get request if we have an auth token getAuthToken(new AuthTokenCallbacks() { @Override public void onAuthTokenSuccess() { final String requestUrl = getRequestUrlString(endpoint, arguments); JsonObjectRequest request = new JsonObjectRequest(Request.Method.GET, requestUrl, null, new Response.Listener<JSONObject>() { @Override public void onResponse(JSONObject response) { callbacks.onSuccess(response); } }, new Response.ErrorListener() { @Override public void onErrorResponse(VolleyError error) { callbacks.onError(error.toString()); } }); request.setTag(tag); requestQueue.add(request); } @Override public void onAuthTokenError(String errorString) { callbacks.onError("Please log in"); } }); }

Is this the right way to do this? I just need to know if I will go in the right direction, because I do not want future problems with my authentication tokens to end (if any).

EDIT

I forgot to mention that my final String requestUrl = getRequestUrlString(endpoint, arguments); method final String requestUrl = getRequestUrlString(endpoint, arguments); basically creates a url query string with auth=authTokenString added at the end of my url.

+7
android firebase firebase-authentication
source share
1 answer

Yes, they expire (you can check the expiration date on jwt.io ). If you do not force the update (i.e. user.getToken(false) ), the returned token will only be updated if it has expired. If you go from true to getToken(...) , a new token will be created, which will also include checking the tokens of related providers on firebase servers (for example, confirming against Facebook whether a user has an associated account). Please note that the latter takes into account your daily token quotas, so make sure you use it only when necessary.

+6
source share

More articles:


All Articles