Properly log out a user from android app

Question

I\'m developing a small android app, and basically so far it just has login and logout functionality. I\'m using Firebase to store user data and also for authentication.

Answer 1

private void sendToLogin() { //funtion
    GoogleSignInClient mGoogleSignInClient ;
    GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
        .requestIdToken(getString(R.string.default_web_client_id))
        .requestEmail()
        .build();
    mGoogleSignInClient = GoogleSignIn.getClient(getBaseContext(), gso);
    mGoogleSignInClient.signOut().addOnCompleteListener(/*CURRENT CLASS */.this,
        new OnCompleteListener<Void>() {  //signout Google
            @Override
            public void onComplete(@NonNull Task<Void> task) {
                FirebaseAuth.getInstance().signOut(); //signout firebase
                Intent setupIntent = new Intent(getBaseContext(), /*To ur activity calss*/);
                Toast.makeText(getBaseContext(), "Logged Out", Toast.LENGTH_LONG).show(); //if u want to show some text
                setupIntent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TOP);
                startActivity(setupIntent);
                finish();
            }
        });
}

this code is written to work as copy past just read COMMENTS in code to customize it to ur needs, i prefer to send user to login

Answer 2

When Firebase authenticates the user (or you authenticate the user with Firebase), it stores the token for that user in local storage on your device. This happens when you call one of the authWith... methods (of course only if it successfully authenticates the user).

Calling ref.unauth(); immediately deletes that token from local storage.

A properly implemented flow would not automatically re-authenticate them when the user presses the back button, but that depends on the flow you implement (which is missing from your question and would likely be too much code anyway).

Answer 3

From Firebase docs

https://firebase.google.com/docs/auth/android/custom-auth

call this FirebaseAuth.getInstance().signOut();

Answer 4

You can replace finish() with finishAffinity();

Answer 5

I see 2 options for the issue we have with the back-Button after Logout:

In your LoginActivity, wich should be you launcher activity, Override onBackPressed Method and leave it empty:

    @Override
public void onBackPressed() {
// empty so nothing happens
}

Or/and you can add the LoginActivityIntent in your LogoutActivty if user == null. This way, whenever a not authenticated user lands on the activity, it will redirect to the LoginActivity instantly, although this looks kinda weird.

        mAuth = FirebaseAuth.getInstance();
    mAuthListener = new FirebaseAuth.AuthStateListener() {
        @Override
        public void onAuthStateChanged(@NonNull FirebaseAuth firebaseAuth) {
            FirebaseUser user = firebaseAuth.getCurrentUser();
            if (user != null) {
                // User is signed in
                Log.d(TAG, "onAuthStateChanged:signed_in:" + user.getUid());
            } else {
                // User is signed out
                Log.d(TAG,"onAuthStateChanged:signed_out");
                startActivity(new Intent(LogoutActivity.this, LoginActivity.class));
            }
            // ...
        }
    };

First Option is easier, but I guess if you apply both your on the save side ^^ Im coding for 2 weeks now so correct me if im wrong.

Answer 6

Delete tokens and Instance IDs

String authorizedEntity = PROJECT_ID;  
String scope = "GCM";
FirebaseInstanceID.getInstance(context).deleteToken(authorizedEntity,scope);

You can also delete the Instance ID itself, including all associated tokens. The next time you call getInstance() you will get a new Instance ID:

FirebaseInstanceID.getInstance(context).deleteInstanceID();
String newIID = InstanceID.getInstance(context).getId();