Firebase 身份验证持续时间太持久 [英] Firebase authentication duration is too persistent
问题描述
有点上下文,我正在尝试使用 Firebase 进行身份验证和数据存储.由于我的应用程序处理潜在的敏感数据,Firebase 提供的保密功能(根据他们的博客,所有 Firebase 通信都是通过 HTTPS 完成的)似乎是保护我的数据安全的好方法.事实上,我对 Firebase 的唯一问题是身份验证的持续时间比它应该的要长得多.据我所知,它会持续设备重置、应用程序重建和连接丢失.更糟糕的是,我不知道它会持续多久.我试过在网上搜索,但在任何地方都找不到相关信息.据我所知,它持续大约一天,但这只是一个猜测.我使用电子邮件和密码作为登录凭据.
Bit of context, I am trying to use Firebase for both authentication and data storage. Since my application deals with potentially sensitive data, the confidentiality features offered by Firebase (all Firebase communication is done via HTTPS according to their blog) seems like a great way to keep my data secured. In fact, the only problem I have with Firebase is that authentication last far longer than it should. As far as I can tell, it lasts through device resets, application rebuilds and loss of connection. Even worse, I have no idea how long it persists for. I've tried searching online but I can't find the information anywhere. As far as I can tell, it lasts around a day, but that's just a guess. I am using email and password as credentials for my sign in.
我的问题有两个部分,有谁知道 Firebase 身份验证的默认持续时间,有没有人知道如何缩短它?否则,是否还有其他类似于 Firebase 的服务可以设置身份验证持续时间?
My question has two parts, does anyone know the default duration of Firebase authentication and does anyone know how to shorten it? Otherwise are there any other services that are similar to Firebase where you can set the authentication duration?
如果我能将持续时间缩短到 4 小时,Firebase 就完美了,否则我可能不得不实施我自己的身份验证,因为只要 Firebase 的身份验证就太不安全了.
If I could shorten the duration to 4 hours Firebase would literally be perfect, other wise I might have to implement my own authentication, since authentication that last's for as long as Firebase is far too insecure.
推荐答案
Firebase Authentication(适用于 3.x 或更高版本的 SDK)使用两种类型的令牌:
Firebase Authentication (for 3.x or higher SDKs) uses two types of tokens:
标识用户的令牌.此令牌是在用户使用应用程序登录时创建的,并且不会过期.要删除此令牌,请注销用户.
A token that identifies the user. This token is created when the users signs in with the app and does not expire. To get rid of this token, sign out the user.
允许用户访问 Firebase 后端的令牌.此令牌基于之前的令牌,有效期为一小时,由 Firebase SDK 自动创建和刷新.
A token that allows the user to access the Firebase back-end. This token is based on the previous token, is valid for an hour, and is automatically created and refreshed by the Firebase SDKs.
这篇关于Firebase 身份验证持续时间太持久的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
