Creating Firebase topic for each user

Anonymous (unverified), submitted on 2019-12-03 01:48:02

Question:

We have a design approach which is creating a topic for each registered user.

  1. Creating a new user
  2. Save it to our database with a generated token
  3. Subscribe to /topics/{user-token} when the user logs in on an Android or iOS device.

So if a user has more than one device and we want to send a user-specific notification, we just send it to /topics/{user-token} so it is received by all devices.

We've not encountered any problems with a few users yet, but is that OK given Firebase limitations, and is it a good approach?

Answer 1:

(I am moving my comments into an answer)

Most of the time, creating an FCM TOPIC per user is NOT a good idea.

Messages sent to FCM TOPICS are public. Any user (even from a different app) can subscribe to /topics/{user-name} and receive those messages.

Example:
Another developer can copy the google-services.json file from your apk.
Then he can subscribe to any topic.
To intercept your users' messages, the attacker still needs to guess the {user-name} or any other identifier you are using. But if you assume this can happen, then the issue is big, because you would never know if someone is receiving a copy of your messages, and you usually never change {user-name}.

This is not a security issue of FCM. This is part of the topic API design.
If you need secure messages you can send them directly to the device token.

If you still want to do one topic per user, please take care not to send sensitive data, or data that should not be intercepted by third parties.
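
The alternative this answer recommends, sending to each device token instead of a per-user topic, sketched as an added example (not code from the original post). The `DeviceRegistry` class, the `send` transport callback and the sample tokens are assumptions made for illustration; the payload follows the FCM HTTP v1 message shape, addressed by `token` rather than `topic`.

```python
from collections import defaultdict

class DeviceRegistry:
    """Server-side map of user id -> FCM registration tokens (one per device)."""
    def __init__(self):
        self._tokens = defaultdict(set)
        self._owner = {}

    def register(self, authenticated_user_id, token):
        # Call only from an authenticated login request; a token has one owner.
        previous = self._owner.get(token)
        if previous is not None and previous != authenticated_user_id:
            self._tokens[previous].discard(token)  # device changed account
        self._owner[token] = authenticated_user_id
        self._tokens[authenticated_user_id].add(token)

    def unregister(self, token):
        owner = self._owner.pop(token, None)
        if owner is not None:
            self._tokens[owner].discard(token)

    def tokens_for(self, user_id):
        return sorted(self._tokens.get(user_id, ()))  # copy, safe to mutate registry

def build_message(token, title, body):
    # Addressed to one device token, so no other client can subscribe to it.
    return {"message": {"token": token,
                        "notification": {"title": title, "body": body}}}

def notify_user(registry, user_id, title, body, send):
    """Fan out to every device of user_id. `send` is a hypothetical transport:
    it posts one message and returns None on success or an FCM error code."""
    delivered = []
    for token in registry.tokens_for(user_id):
        error = send(build_message(token, title, body))
        if error == "UNREGISTERED":
            registry.unregister(token)  # stale token: app removed or token rotated
        elif error is None:
            delivered.append(token)
    return delivered

def demo():
    # Constructed sample data: two devices for user-1, one for user-2.
    registry, sent = DeviceRegistry(), []
    registry.register("user-1", "tok-android-A")
    registry.register("user-1", "tok-ios-B")
    registry.register("user-2", "tok-android-C")
    def fake_send(msg):
        sent.append(msg)
        return "UNREGISTERED" if msg["message"]["token"] == "tok-ios-B" else None
    delivered = notify_user(registry, "user-1", "Hi", "New invoice", fake_send)
    return delivered, registry.tokens_for("user-1"), sent
```

The multi-device delivery the question wanted from a topic is kept, but the recipient list is now decided by the server from authenticated logins rather than by whoever subscribes.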


