需要Firebase重新验证 [英] Firebase re-authentication required

问题描述

我们正在研究一个使用Google来验证Firebase的iOS应用。根据 https://www.firebase.com/docs/ios/guide/ user-auth.html＃section-login Firebase表示，认证令牌每24小时过期一次。
我们想知道下列情况是否需要考虑：

1. 用户使用Google和Firebase进行身份验证


2. 我们的应用程序会获得一个在24小时后过期的Firebase身份验证令牌


3. 用户关闭我们的iOS应用程序


4. Firebase身份验证令牌到期，用户重新打开应用程序


5. 一分钟后，我们向Firebase发出请求。验证令牌已过期。

似乎我们必须通过观察每个https://www.firebase.com/docs/ios/guide/user-auth.html#section-监测认证。但是，我们是否需要重新向上面＃5的Firebase发出相同的请求？
此外，似乎我们可以在cancelBlock中重新进行验证：
$ b

 [ref observeEventType：FEventTypeValue withBlock：^（FDataSnapshot * snapshot ）{
 NSLog（@％@，snapshot.value）; 
} withCancelBlock：^（NSError * error）{
 NSLog（@％@，error.description）; 
 //重新验证，然后重新发出请求？ 
}]; 
  

这并不理想，因为在我们提出请求的任何地方我们都必须写这个代码。 / p>

处理这种情况的最佳做法是什么？
当验证令牌接近到期时，Firebase是否自动刷新？

Firebase版本及其SDK。 Firebase（3.X）的当前版本使您更容易，因为Firebase会记住用户上次登录您的应用程序的方式。

所以您应该简单地调用
FIRApp.configure（）像往常一样在应用程序中：didFinishLaunchingWithOptions launchOptions：，然后在应用程序启动时添加一个状态侦听器，如

<$ p $在
中使用FIRAuth.auth（）?. addStateDidChangeListener（）{（auth，firUser）更新UI





$ b

然后，监听器将在应用程序启动时自动被调用通过Firebase随时随地对用户进行更改，而令牌则由Firebase在后台处理，即您不必处理过期令牌。 （如果您使用自定义身份验证系统，则可能会更复杂） 。

We are working on an iOS app that is using Google to authenticate with firebase. According to https://www.firebase.com/docs/ios/guide/user-auth.html#section-login Firebase says that auth tokens expire every 24 hours. We are wondering if the following scenario is something we need to consider:

1. User authenticates with Google and Firebase
2. Our app gets a Firebase auth token that expires in 24 hours
3. User closes our iOS app
4. 1 minute before the Firebase auth token expires, the user reopens the app
5. A minute later we make a request to Firebase. The auth token has expired.

It seems we have to reauthenticate with Firebase by observing authentication changes per https://www.firebase.com/docs/ios/guide/user-auth.html#section-monitoring-authentication. But will we have to re-issue the same request to Firebase from #5 above? Also it seems we could reauthenticate in the cancelBlock:

[ref observeEventType:FEventTypeValue withBlock:^(FDataSnapshot *snapshot) {
    NSLog(@"%@", snapshot.value);
} withCancelBlock:^(NSError *error) {
    NSLog(@"%@", error.description);
    // reauthenticate and then re-issue request?
}];

This would not be ideal because we would have to write this code everywhere that we make a request.

What are the best practices to deal with this scenario? Does Firebase automatically refresh the auth token when it's close to expiry?

解决方案

Obviously, the question was regarding an old version of Firebase and its SDK. The current version of Firebase (3.X) makes it easier for you since Firebase remembers how the user was last logged in your app.

So you should simply call FIRApp.configure() as always e.g. in your application: didFinishLaunchingWithOptions launchOptions: and then add a state listener also at the launch of your app like

FIRAuth.auth()?.addStateDidChangeListener() { (auth, firUser) in 
// do something with firUser, e.g. update UI
}

The listener will then automatically be invoked around the time of your application launch by Firebase whenever something changes about your user and the tokens are handled in the background by Firebase, i.e. you don't have to deal with expired tokens. (It may be more complex if you use a Custom Auth System).

这篇关于需要Firebase重新验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！