Firebase身份验证持续时间太长 [英] Firebase authentication duration is too persistent
问题描述
我的问题有两个部分,有人知道Firebase身份验证的默认持续时间,有谁知道如何缩短它?否则有没有其他服务类似的Firebase,您可以设置身份验证的持续时间?
如果我可以缩短持续时间到4小时Firebase将是完美的,其他明智的,我可能不得不实施我自己的身份验证,因为只要Firebase的身份验证持续时间太长,就不会有太大的安全感。
身份验证(对于3.x或更高版本的SDK)使用两种令牌:
-
标识用户的令牌。这个令牌是在用户使用应用登录时创建的,并且不会过期。要摆脱此令牌,请注销该用户。
-
允许用户访问Firebase后端的令牌。此令牌基于以前的令牌,有效期为一小时,并由Firebase SDK自动创建和刷新。
Bit of context, I am trying to use Firebase for both authentication and data storage. Since my application deals with potentially sensitive data, the confidentiality features offered by Firebase (all Firebase communication is done via HTTPS according to their blog) seems like a great way to keep my data secured. In fact, the only problem I have with Firebase is that authentication last far longer than it should. As far as I can tell, it lasts through device resets, application rebuilds and loss of connection. Even worse, I have no idea how long it persists for. I've tried searching online but I can't find the information anywhere. As far as I can tell, it lasts around a day, but that's just a guess. I am using email and password as credentials for my sign in.
My question has two parts, does anyone know the default duration of Firebase authentication and does anyone know how to shorten it? Otherwise are there any other services that are similar to Firebase where you can set the authentication duration?
If I could shorten the duration to 4 hours Firebase would literally be perfect, other wise I might have to implement my own authentication, since authentication that last's for as long as Firebase is far too insecure.
Firebase Authentication (for 3.x or higher SDKs) uses two types of tokens:
A token that identifies the user. This token is created when the users signs in with the app and does not expire. To get rid of this token, sign out the user.
A token that allows the user to access the Firebase back-end. This token is based on the previous token, is valid for an hour, and is automatically created and refreshed by the Firebase SDKs.
这篇关于Firebase身份验证持续时间太长的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!