需要重新进行 Firebase 身份验证 [英] Firebase re-authentication required

问题描述

我们正在开发一款 iOS 应用，该应用使用 Google 对 firebase 进行身份验证.根据 https://www.firebase.com/docs/ios/guide/user-auth.html#section-login Firebase 表示身份验证令牌每 24 小时过期一次.我们想知道以下场景是否是我们需要考虑的:

We are working on an iOS app that is using Google to authenticate with firebase. According to https://www.firebase.com/docs/ios/guide/user-auth.html#section-login Firebase says that auth tokens expire every 24 hours. We are wondering if the following scenario is something we need to consider:

1. 用户通过 Google 和 Firebase 进行身份验证
2. 我们的应用获得了一个 24 小时后过期的 Firebase 身份验证令牌
3. 用户关闭了我们的 iOS 应用
4. 在 Firebase 身份验证令牌到期前 1 分钟，用户重新打开应用
5. 一分钟后，我们向 Firebase 发出请求.身份验证令牌已过期.

似乎我们必须通过观察每个 的身份验证更改来重新对 Firebase 进行身份验证https://www.firebase.com/docs/ios/guide/user-auth.html#section-monitoring-authentication.但是我们是否必须向 Firebase 重新发出上述 #5 中的相同请求?此外，我们似乎可以在取消块中重新进行身份验证:

It seems we have to reauthenticate with Firebase by observing authentication changes per https://www.firebase.com/docs/ios/guide/user-auth.html#section-monitoring-authentication. But will we have to re-issue the same request to Firebase from #5 above? Also it seems we could reauthenticate in the cancelBlock:

[ref observeEventType:FEventTypeValue withBlock:^(FDataSnapshot *snapshot) {
    NSLog(@"%@", snapshot.value);
} withCancelBlock:^(NSError *error) {
    NSLog(@"%@", error.description);
    // reauthenticate and then re-issue request?
}];

这并不理想，因为我们必须在发出请求的任何地方编写此代码.

This would not be ideal because we would have to write this code everywhere that we make a request.

处理这种情况的最佳做法是什么?Firebase 是否会在接近到期时自动刷新身份验证令牌?

What are the best practices to deal with this scenario? Does Firebase automatically refresh the auth token when it's close to expiry?

推荐答案

显然，问题是关于旧版本的 Firebase 及其 SDK.Firebase 的当前版本 (3.X) 让您更轻松，因为 Firebase 会记住用户上次登录您的应用的方式.

Obviously, the question was regarding an old version of Firebase and its SDK. The current version of Firebase (3.X) makes it easier for you since Firebase remembers how the user was last logged in your app.

所以你应该简单地调用FIRApp.configure() 一如既往，例如在您的 应用程序中: didFinishLaunchingWithOptions launchOptions: 然后在您的应用程序启动时添加一个状态侦听器，例如

So you should simply call FIRApp.configure() as always e.g. in your application: didFinishLaunchingWithOptions launchOptions: and then add a state listener also at the launch of your app like

FIRAuth.auth()?.addStateDidChangeListener() { (auth, firUser) in 
// do something with firUser, e.g. update UI
}

当您的用户发生变化时，Firebase 会在您的应用程序启动前后自动调用侦听器，并且 Firebase 在后台处理令牌，即您不必处理过期的令牌.(如果您使用自定义身份验证系统，可能会更复杂).

The listener will then automatically be invoked around the time of your application launch by Firebase whenever something changes about your user and the tokens are handled in the background by Firebase, i.e. you don't have to deal with expired tokens. (It may be more complex if you use a Custom Auth System).

这篇关于需要重新进行 Firebase 身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！