捕获401并刷新Firebase ID令牌 [英] Catching 401 and refreshing Firebase Id Token

问题描述

我的应用程序使用Firebase通过电话号码对用户进行身份验证，这是从Digits迁移而来的. 我将来自Firebase的idToken添加到调用中. 如果401被甩了，我会在我的httpclient上监听一个拦截器，如果是的话，我注销了.

My app uses Firebase to authenticate users by phone number, a migration from Digits. I add the idToken from Firebase to my calls. I listen with an interceptor on my httpclient if a 401 was trown, if so, I logged out.

一小时后，我注意到401进来了，所以我在App类中添加了addIdTokenListener.当它更改时，我将更新令牌以对我的呼叫进行签名. 它有效，但并非完美无缺，有时会抛出401，但我仍将用户注销...

I noticed after one hour the 401 came in, so I added an addIdTokenListener in my App class. When it changes I update my token to sign my calls. It worked, but not flawless, sometimes a 401 was thrown and I still logged the user out...

我在拦截器中写一些东西来从用户那里获取IdToken，但是调用firebaseUser.getIdToken()是异步的.所以，我想让事情变得复杂起来.

I am writing something in my interceptor to get the IdToken from the user, but the call firebaseUser.getIdToken() is async. So I'm starting to make things complicated, I guess.

有人能指出我正确的方向吗?您的工作流程是什么?

Could anyone point me in the right direction? What is your workflow?

推荐答案

您正在朝正确的方向前进.您可能想做的一件事是根据ID令牌验证失败的原因稍微改变一下逻辑.您可以自己解压ID令牌数据并检查有效期限场地.如果令牌已过期，请在再次尝试调用之前返回另一个代码，以触发检索过程.

You're going in the right direction. One thing you may want to do is alter your logic a little based on the reason for the ID token validation failure. You can unpack the ID token data yourself and check the expiration field. If the token has expired, return a different code that triggers the retrieval process, before trying the call again.

这篇关于捕获401并刷新Firebase ID令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！