Firebase身份验证持续时间太长 [英] Firebase authentication duration is too persistent

问题描述

上下文的位，我试图使用Firebase进行身份验证和数据存储。由于我的应用程序涉及潜在的敏感数据，因此Firebase提供的保密功能（所有Firebase通信都是通过HTTPS根据其博客完成的）似乎是保证我的数据安全的好方法。实际上，我使用Firebase的唯一问题是验证时间长于应有的时间。据我所知，它持续通过设备重置，应用程序重建和连接丢失。更糟的是，我不知道它持续多久。我试过在线搜索，但是我找不到任何地方的信息。据我所知，它持续一天左右，但这只是一个猜测。我使用电子邮件和密码作为登录凭证。

我的问题有两个部分，有人知道Firebase身份验证的默认持续时间，有谁知道如何缩短它？否则有没有其他服务类似的Firebase，您可以设置身份验证的持续时间？

如果我可以缩短持续时间到4小时Firebase将是完美的，其他明智的，我可能不得不实施我自己的身份验证，因为只要Firebase的身份验证持续时间太长，就不会有太大的安全感。

身份验证（对于3.x或更高版本的SDK）使用两种令牌：

1. 标识用户的令牌。这个令牌是在用户使用应用登录时创建的，并且不会过期。要摆脱此令牌，请注销该用户。




2. 允许用户访问Firebase后端的令牌。此令牌基于以前的令牌，有效期为一小时，并由Firebase SDK自动创建和刷新。

Bit of context, I am trying to use Firebase for both authentication and data storage. Since my application deals with potentially sensitive data, the confidentiality features offered by Firebase (all Firebase communication is done via HTTPS according to their blog) seems like a great way to keep my data secured. In fact, the only problem I have with Firebase is that authentication last far longer than it should. As far as I can tell, it lasts through device resets, application rebuilds and loss of connection. Even worse, I have no idea how long it persists for. I've tried searching online but I can't find the information anywhere. As far as I can tell, it lasts around a day, but that's just a guess. I am using email and password as credentials for my sign in.

My question has two parts, does anyone know the default duration of Firebase authentication and does anyone know how to shorten it? Otherwise are there any other services that are similar to Firebase where you can set the authentication duration?

If I could shorten the duration to 4 hours Firebase would literally be perfect, other wise I might have to implement my own authentication, since authentication that last's for as long as Firebase is far too insecure.

解决方案

Firebase Authentication (for 3.x or higher SDKs) uses two types of tokens:

1. A token that identifies the user. This token is created when the users signs in with the app and does not expire. To get rid of this token, sign out the user.

2. A token that allows the user to access the Firebase back-end. This token is based on the previous token, is valid for an hour, and is automatically created and refreshed by the Firebase SDKs.

这篇关于Firebase身份验证持续时间太长的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！