问题
I am currently using Firebase on a client application (Cordova based mobile app) using the firebase user authentication methods on the client:
- signInWithEmailAndPassword
- FacebookAuthProvider
From my current understanding and experience with the sessions expiring:
"Authentication sessions don't expire with Firebase login. But the ID token will have to be refreshed hourly, to keep access to the services."
I assume this would mean I should just write a background process method that runs every 59 minutes and run the firebase method:
firebase.auth().currentUser.getIdToken(true) // true indicates according to firebase docs to forceRefresh regardless of the current tokens expiration.
I am just looking to make sure that I have wrapped my head around this.
I'm going with something simple like this... this should probably do the trick:
let firebaseTokenRefresh = setInterval(function(){
console.log('running firebase token refresh...');
// true = forceRefresh
firebase.auth().currentUser.getIdToken(true);
}, 3540000); // 59 minutes firebase token refresh (1 hr expiration)
Thanks.
回答1:
There is no need to proactively refresh the token (it is too expensive to do so). Anytime you need an ID token, you just call user.getIdToken(). This will either return the cached unexpired token or refresh it if the current one is expired. You can call that anytime you are sending an authenticated request to your server.
If you are using Firestore or Realtime database, they will automatically refresh the token for you anytime they need on. You can listen to token updates via auth.onIdTokenChanged() listener.
来源:https://stackoverflow.com/questions/52879989/firebase-tokens-expiration-and-best-practice-for-handling-refresh-tokens