如何在Firebase 3.x.x中处理自定义Firebase令牌到期 [英] How to handle custom firebase token expiry in Firebase 3.x.x
问题描述
我已使用" signInWithCustomToken()"对Firebase用户进行身份验证.
I have used "signInWithCustomToken()" to authenticate firebase user.
此令牌将在1小时后过期.
This token expires in 1 hour.
Firebase建议令牌到期时间为1小时.如果我们修改 Firebase使用"php-jwt"库创建自定义令牌时到期 引发异常自定义令牌格式不正确.请检查 文档".
Firebase has recommended token expiration to 1 hour. If we modify the expiry while creating custom token using "php-jwt" library, firebase throws exception "The custom token format is incorrect. Please check the documentation".
在寻找解决方案时,我发现以下线程- " Firebase Android身份验证失败:expired_token(Auth令牌已过期) )"
While searching for solutions, I found following thread- "Firebase Android Authentication failed: expired_token (Auth token is expired)"
但是" onTokenRefresh()"返回的刷新令牌对我不起作用.
But refreshed token returned by "onTokenRefresh()" doesn't work for me.
刷新此自定义令牌的过程是什么?
What will be the procedure to refresh this custom token?
或
是否可以将自定义令牌设置为手动过期?
Is there a way to set manual expiry to custom token?
推荐答案
Firebase自定义令牌生成存在限制. Firebase自定义身份验证令牌的上限为1小时(3600秒).
There is a limitation with the Firebase custom token generation. Firebase custom auth token is limited to max 1Hr(3600sec).
exp 令牌到期的时间(以秒为单位).可以在 比iat最多晚3600秒.
exp The time, in seconds, at which the token expires. It can be at a maximum 3600 seconds later than iat.
如果身份验证令牌每小时过期一次,那么我们将很难一直保持有效会话:(
If auth token expires every hour, its difficult for us to maintain the valid session all the time :(
当我们使用默认的Auth提供程序(例如Google,Facebook,Email ..)时;默认情况下,Firebase SDK将负责刷新您的Auth令牌.但是在自定义身份验证中,Firebase SDK需要联系第三方服务器以获取新令牌. 这里只有SDK无法刷新令牌!
When we use default Auth providers like (Google, Facebook, Email..); Firebase SDK will take care of refreshing your Auth token by default. But in custom authentication, Firebase SDK need to contact 3rd party server to fetch new token. Here only SDK is failing to refresh the token!
我的解决方法是,保持"last-token-fetch-time"每个地方的信息 成功获取令牌,因此我们可以在一小时后手动刷新令牌.
My workaround is, maintain a "last-token-fetch-time" info at local on every successful token fetch, so that we can refresh the token manually after one hour.
您可以参考此问题日志以获取更多信息,
You can refer this issue log for more info,
- https://github.com/firebase/quickstart-android/issues/31
- In Firebase 9.0.0 API, how to check the user has valid Auth session or not?
更新:
Google更新了他们的文档,
Google updated their document,
exp(到期时间):自UNIX时代以来以秒为单位的令牌到期的时间.最多可能是3600秒后 比IAT. (注意:这仅控制自定义令牌的时间 本身到期.但是一旦您使用登录用户 signInWithCustomToken(),它们将保持登录设备的状态 直到会话无效或用户退出.)
exp (Expiration time): The time, in seconds since the UNIX epoch, at which the token expires. It can be a maximum of 3600 seconds later than the iat. (Note: this only controls the time when the custom token itself expires. But once you sign a user in using signInWithCustomToken(), they will remain signed in into the device until their session is invalidated or the user signs out.)
如文档所述,自定义JWT令牌的最大有效期限为1小时;因此,在过期之前,请使用Firebase对您的用户进行身份验证.该会话之后将保持活动状态;它不会过期!
As document says, custom JWT token is valid for max 1Hr; so before it expires, authenticate your user with Firebase. After that session will remain active; It wont expire!
您可以使用以下方法来确保用户具有有效的会话,
You can use below method to ensure that user has valid session,
public static boolean hasValidAuthToken() {
return FirebaseAuth.getInstance().getCurrentUser() != null ? true : false;
}
希望这对您有帮助!
这篇关于如何在Firebase 3.x.x中处理自定义Firebase令牌到期的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
