问题
Question
From the following situations, I could see two different tokens:
- After completing the sign-up, I get the first Firebase ID Token.
- I'm getting a new JWT when I come back to my app after completely signing out.
What I've found
const app = express();
app.use((req, res, next) => {
if (!req.headers.authorization)
return res.status(403).json({ message: 'Missing Authorization Header' });
const jwt = req.headers.authorization.trim();
return admin.auth().verifyIdToken(jwt).then((decodedToken) => {
const uid = decodedToken.uid; // Exists
const displayName = decodedToken.name; // No displayName, object Undefined
const photoURL = decodedToken.picture; // No photoURL, object Undefined
next();
});
});
Even though I've updated the user's default profile by calling the function below, it seems like ID token does not contain user's displayName and photoURL.
initializeUserProfile(name: string, photoURL: string) {
let data = {
displayName: name,
photoURL: photoURL
};
this.afAuth.auth.currentUser.updateProfile(data).then(() => {
this.getUsersRef(this.currentUserId).update(data); // Save data to firestore
}).catch((err) => console.log(err));
}
Note: After the sign-out and successfully logged into the app, the token's length gets much longer than the previous token. Also, it does contain displayName and photoURL as well.
I've also posted my related issue here, and it seems like the token causes the problem.
Why am I getting a new token? And how can I resolve this issue?
回答1:
To get a new ID token with the latest claims after you update the profile via updateProfile, you can simply force token refresh by calling: currentUser.getIdToken(true).
Note, naturally on token refresh when the token is expired, the new token will automatically pick up the latest claims with the profile changes. To get this immediately, you can force refresh.
来源:https://stackoverflow.com/questions/48606298/firebase-why-am-i-getting-firebase-id-tokens-twice