Android-Firebase用户身份验证令牌会过期吗? [英] Android - Do Firebase User Auth Tokens Expire?
问题描述
我决定使用Volley并使用Firebase进行RESTful路由,因为当没有互联网连接时,他们的监听器似乎会挂起.至少通过Volley,它可以让我知道网络请求是否由于互联网连接而失败.
I decided to use Volley and go the RESTful route with Firebase since their listeners seem to hang when there's no internet connection. At least with Volley, it lets me know if a network request was not successful due to internet connection or not.
我需要知道FirebaseUser身份验证令牌是否到期.在我的应用中,我仅允许Google和Facebook身份验证,并且使用以下代码,假设Firebase用户身份验证令牌不过期:
I need to know whether FirebaseUser auth tokens expire or not. In my app, I only allow Google and Facebook authentication, and I use the following code assuming that Firebase user auth token DO NOT expire:
private String authToken;
// Callbacks
public interface ApiCallbacks {
public void onSuccess(JSONObject response);
public void onError(String errorString);
}
private interface AuthTokenCallbacks {
public void onAuthTokenSuccess();
public void onAuthTokenError(String errorString);
}
// Request Helpers
private void getAuthToken(final AuthTokenCallbacks callbacks) {
// Lazy instantiation
if (authToken == null) {
FirebaseUser user = FirebaseAuth.getInstance().getCurrentUser();
if (user == null) {
callbacks.onAuthTokenError("Please log in");
} else {
user.getToken(false).addOnCompleteListener(new OnCompleteListener<GetTokenResult>() {
@Override
public void onComplete(@NonNull Task<GetTokenResult> task) {
if (task.isSuccessful()) {
authToken = task.getResult().getToken();
callbacks.onAuthTokenSuccess();
} else {
callbacks.onAuthTokenError("Please log in");
}
}
});
}
} else {
callbacks.onAuthTokenSuccess();
}
}
public void sendGetRequestTo(final String endpoint, final HashMap<String, String> arguments, final RequestQueue requestQueue, final String tag, final ApiCallbacks callbacks) {
// Only execute get request if we have an auth token
getAuthToken(new AuthTokenCallbacks() {
@Override
public void onAuthTokenSuccess() {
final String requestUrl = getRequestUrlString(endpoint, arguments);
JsonObjectRequest request = new JsonObjectRequest(Request.Method.GET, requestUrl, null, new Response.Listener<JSONObject>() {
@Override
public void onResponse(JSONObject response) {
callbacks.onSuccess(response);
}
}, new Response.ErrorListener() {
@Override
public void onErrorResponse(VolleyError error) {
callbacks.onError(error.toString());
}
});
request.setTag(tag);
requestQueue.add(request);
}
@Override
public void onAuthTokenError(String errorString) {
callbacks.onError("Please log in");
}
});
}
这是正确的方法吗?我只需要知道我是否朝着正确的方向前进,因为我不希望将来的身份验证令牌过期(如果有的话)的问题.
Is this the correct way of doing it? I just need to know if I'm going in the right direction because I don't want future problems with my auth tokens expiring (if they do).
EDIT
EDIT
我忘了提到我的final String requestUrl = getRequestUrlString(endpoint, arguments);方法基本上是在URL末尾添加auth=authTokenString来构造URL请求字符串.
I forgot to mention that my final String requestUrl = getRequestUrlString(endpoint, arguments); method basically constructs the url request string with auth=authTokenString appended at the end of my url.
推荐答案
Yes, they do expire (you can check out the expiration date at jwt.io). If you don't force a refresh (i.e. user.getToken(false)), the returned token will be updated only if it has expired. If you pass true to getToken(...), a new token will be created which also involves the linked providers' token validation on the firebase servers (e.g. validating against Facebook whether the user still has his/her account linked). Note that the latter counts towards your daily token service quotas, so make sure you use it only when it's necessary.
这篇关于Android-Firebase用户身份验证令牌会过期吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
