Why firebase user still signed in after I deleted it from firebase dashboard

被刻印的时光 ゝ submitted on 2019-12-17 20:17:53

Question


I used the Firebase Quickstarts for Android Auth sample, then I created a user in the Firebase dashboard to log in with email and password, and the user logged in successfully. But when I deleted the user, it was still logged in and showing the old user's email from (user.getEmail())

    // [START auth_state_listener]
    mAuthListener = new FirebaseAuth.AuthStateListener() {
        @Override
        public void onAuthStateChanged(@NonNull FirebaseAuth firebaseAuth) {
            FirebaseUser user = firebaseAuth.getCurrentUser();
            if (user != null) {
                // User is signed in
                Log.d(TAG, "onAuthStateChanged:signed_in:" + user.getEmail());
            } else {
                // User is signed out
                Log.d(TAG, "onAuthStateChanged:signed_out");
            }
            // [START_EXCLUDE]
            updateUI(user);
            // [END_EXCLUDE]
        }
    };
    // [END auth_state_listener]

There are no users in my Firebase dashboard, and the AuthStateListener indicates that the user is signed in.

How could that be possible?


Answer 1:


Deleting an account does not automatically expire the current session(s) for that account. Their current sessions will remain valid until they expire. You can set the session expiration interval in your Firebase Dashboard.

If you want to force the user to be logged out, call ref.unauth().

But in general you'll likely want to build authorization rules to prevent such users with valid tokens from deleted accounts from making changes to the data.

When a user updates their email or password, or resets their password, the Firebase Auth backend revokes their tokens, requiring that they reauthenticate or try to sign in again. This is a security feature. For example, a user may reset their password if their account was compromised. All other sessions must reauthenticate.

If you keep the user profiles in your database, you can check whether that record still exists in your security rules: root.child('users').child(auth.uid).exists().

Also see:

  • Firebase authentication not revoked when user deleted?
  • Deletion of User in firebase does not trigger onAuth method
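
A client-side check that complements the answer above, as an added example that is not part of the original post or the Quickstart: it calls `FirebaseUser.reload()` and drops the local session when the Auth backend rejects the cached account. The class name `SessionValidator`, its method name and the `androidx` annotation import are assumptions.

```java
import android.util.Log;
import androidx.annotation.NonNull;
import com.google.android.gms.tasks.OnCompleteListener;
import com.google.android.gms.tasks.Task;
import com.google.firebase.auth.FirebaseAuth;
import com.google.firebase.auth.FirebaseAuthInvalidUserException;
import com.google.firebase.auth.FirebaseUser;

/** Hypothetical helper; the name is an assumption, not part of the Quickstart. */
public final class SessionValidator {
    private static final String TAG = "SessionValidator";

    private SessionValidator() {}

    /**
     * Asks the Auth backend whether the cached user is still valid.
     * Intended to be called from onStart()/onResume(), because deleting
     * the account in the console does not by itself end the cached session.
     */
    public static void verifyCurrentUser(@NonNull final FirebaseAuth auth) {
        FirebaseUser user = auth.getCurrentUser();
        if (user == null) {
            return; // nothing cached, already signed out
        }
        user.reload().addOnCompleteListener(new OnCompleteListener<Void>() {
            @Override
            public void onComplete(@NonNull Task<Void> task) {
                if (task.isSuccessful()) {
                    return; // account still exists and is enabled
                }
                Exception e = task.getException();
                if (e instanceof FirebaseAuthInvalidUserException) {
                    // Account deleted or disabled, or its token is no longer valid:
                    // clear the local session so the UI stops showing the old user.
                    String code = ((FirebaseAuthInvalidUserException) e).getErrorCode();
                    Log.w(TAG, "Cached user rejected by backend: " + code);
                    auth.signOut(); // AuthStateListener then fires with a null user
                } else {
                    // Network or other transient failure: keep the session.
                    // Server-side rules remain the actual enforcement point.
                    Log.w(TAG, "Could not verify cached user", e);
                }
            }
        });
    }
}
```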


Source: https://stackoverflow.com/questions/37733576/why-firebase-user-still-signed-in-after-i-deleted-it-from-firebase-dashboard
