问题
My App is on Flutter and I am using offline persistence because my users can stay up to 4 hours before having an Internet connection again. I have read that Refresh Tokens are long-lived and in theory "never expire", however in my tests I have noticed that there is a big difference between IOS and Android sessions:
The tests I'm doing are the following:
- I open the App with Internet Connection and I proceed to authentication process (Firebase Auth behind the lines).
- I use the App and then activate the Offline mode
- I Minimize the application
- I activate airplane mode so the device doesn't have Internet Connection (Offline Mode)
- I check some time later if the App is still within the session, so that I can continue entering data in Offline mode.
The results I have so far are:
On IOS:
The session remains active in offline mode. I have tested for 75 mins, 120 mins and the last test I did for 4 hours. I couldn't guarantee that the session never expires, but it does seem to be long-lasting.
On Android:
The session remains active if I enter before 25 minutes.
I can keep the session active while offline, as long as I manipulate the App at least once every 25 minutes (I tried a sequence of 5 cycles of 25 minutes)
If it has been minimized and offline for more than 30 minutes, it asks me again for credentials (which is impossible to get because I am offline)
My questions are:
1. What is the difference in the duration of the offline session after a Firebase authentication when the operating system is IOS or when it is Android?
2. Is there a real measure of how long a Firebase Auth session lasts when the device is offline?
3. Is there a way to modify this parameter to obtain longer sessions? I would like at least 12 hours or it never expires.
ATTACHMENTS:
Test Devices:
IOS: Iphone X. IOS Version 14.2
Android: Samsung J2 Android Version 8.1.0
Flutter Code:
The way I am authenticating users using a provider is like following:
class UsuarioProvider {
final FirebaseAuth _firebaseAuth;
DatabaseReference db = FirebaseDatabase.instance.reference();
UsuarioProvider({FirebaseAuth firebaseAuth})
: _firebaseAuth = firebaseAuth ?? FirebaseAuth.instance;
Future <Map<String, dynamic>> signIn(String email, String password) async {
try {
UserCredential result = await FirebaseAuth.instance.signInWithEmailAndPassword(email: email, password: password);
User user = result.user;
return {'ok' : true, 'localId': user.uid, 'email' : user.email};
} catch (e) {
print(e);
return {'ok': false, 'code': '${e.code}', 'mensaje': '${e.message}' };
}
}
The way I'm using to call firebase is:
void main() async {
WidgetsFlutterBinding.ensureInitialized();
await Firebase.initializeApp();
FirebaseDatabase database;
database = FirebaseDatabase.instance;
database.setPersistenceEnabled(true);
database.setPersistenceCacheSizeBytes(10000000);
runApp(MyApp());
}
回答1:
How long does a Firebase Auth session last when the user is offline?
Firebase Authentication is based on two tokens: a refresh token that never expires, and an ID token that expires an hour after it's minted and is auto-refreshed by the SDKs.
As covered in my answer to your previous question, there is no way to extend an ID token, so if the user is offline it will expire. Hence, you should reframe the question from "when does it expire?" to "what do the SDKs do when the ID token has expired?"
The database SDK for example will continue to process reads and queue up writes when the user is offline. If will even continue to do so when the ID token has expired, since the SDK doesn't determine whether authentication is required: the database security rules typically do that.
When the connection to the server is restored, the database client waits until the ID token is refreshed, before it sends pending writes to the server, to ensure those writes are processed auth an up to date authentication state.
Your problem is not that your authentication session/ID tokens expires, it's that some part of the app or the SDKs on Android is asking the user to re-enter their credentials. Troubleshooting this problem should start with figuring out where that prompt comes from.
来源:https://stackoverflow.com/questions/65397458/how-long-does-a-firebase-auth-session-last-when-the-user-is-offline