21

I'm using the Firebase email/password authentication. After the user has signed in successfully I query the access token the following way:

```java
FirebaseUser mUser = FirebaseAuth.getInstance().getCurrentUser();
mUser.getIdToken(true)
    .addOnCompleteListener(new OnCompleteListener<GetTokenResult>() {
        public void onComplete(@NonNull Task<GetTokenResult> task) {
            if (task.isSuccessful()) {
                String idToken = task.getResult().getToken();
                // Send token to your backend via HTTPS
                // ...
            } else {
                // Handle error -> task.getException();
            }
        }
    });
```

According to the Firebase documentation the access token expires after 1 hour. To handle the case to have always the current access token in my app, I was looking for a solution and I found in the Firebase documentation that I have to register a `Firebase.IdTokenListener` to listen to the `onIdTokenChanged` event.

My question is: Is the `onIdTokenChanged` event automatically fired if the access token expired?

In case the event is not automatically fired after the access token has expired, what would be the correct approach to query "manually" for a new/updated access token with the `FirebaseAuth.getInstance().getCurrentUser().getIdToken(boolean)` method?

I know that if I call `mUser.getToken(true)`, then the mentioned event is fired and the `IdTokenListener` is triggered. But this is not what I'm looking for.

AppHero2
Degoah

1 Answer

31

onIdTokenChanged is triggered anytime the ID token changes. It won't fire if the ID token is expired. It will fire if a new ID token is refreshed, a new user signs in or an existing user signs out.

Firebase automatically refreshes if it needs to. For example if you are using real time database or Firestore, they will automatically refresh the token after it expires since they require a persistent connection and an ID token for that. This will cause that listener to trigger.

getIdToken() will cache the unexpired token and if you call it and it detects expiration, it will automatically refresh the ID token which will trigger that listener.

BTW, getToken() is deprecated. You should use getIdToken instead.

bojeil
  • 4
    Does this mean, that **getIdToken()** has to be called on a regular basis to "check" implicitly whether the token has changed or not? I was assuming, that the underlying Firebase SDK triggers the **onIdTokenChanged** event after expiration and in this way I would just call in my **onIdTokenChanged** event listener **getIdToken()**. This means for me, I've to invoke before every backend API request **getIdToken()** to be on the safe side having the latest id token. Seems to be a bit overhead... – Degoah Apr 08 '18 at 07:30
  • 4
    You don't need to call on a regular basis, you just call it when you are making a request to your server. It will ensure you get a fresh ID token each time. – bojeil Apr 09 '18 at 05:48
  • 1
    "For example if you are using real time database or Firestore, they will automatically refresh the token after it expires since they require a persistent connection and an ID token for that." Is there any reference link for this statement? – Lashae Apr 25 '18 at 13:07
  • 1
    You can test it out. On its own the Auth service will not proactively refresh (as this is an expensive operation and it may be unnecessary if there is no consumer of the new token). Other firebase services (realtime db, firestore) need the persistent connection, so they need to continuously do so. Otherwise a disconnect will be experienced. – bojeil Apr 25 '18 at 17:10
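
One way to follow the advice in the answer and comments above (call `getIdToken()` at the moment a request goes to your server), as an added example that is not part of the original answer or the Firebase project's own code. It assumes the app uses OkHttp, that the backend reads the token from an `Authorization: Bearer` header, and that it answers 401 for a token it rejects; `IdTokenInterceptor` is a hypothetical name.

```java
import androidx.annotation.NonNull;
import com.google.android.gms.tasks.Tasks;
import com.google.firebase.auth.FirebaseAuth;
import com.google.firebase.auth.FirebaseUser;
import java.io.IOException;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import okhttp3.Interceptor;
import okhttp3.Request;
import okhttp3.Response;

/** Hypothetical helper: attaches a current Firebase ID token to every backend request. */
public final class IdTokenInterceptor implements Interceptor {

    @NonNull
    @Override
    public Response intercept(@NonNull Chain chain) throws IOException {
        // forceRefresh=false: the SDK hands back the cached token while it is
        // unexpired and refreshes it by itself once it has expired.
        Response response = chain.proceed(withToken(chain.request(), false));
        if (response.code() != 401) {
            return response;
        }
        // Assumption: the backend answers 401 for a token it rejects (for example
        // clock skew near expiry). Force one refresh and retry once, never in a loop.
        response.close();
        return chain.proceed(withToken(chain.request(), true));
    }

    private static Request withToken(Request original, boolean forceRefresh) throws IOException {
        FirebaseUser user = FirebaseAuth.getInstance().getCurrentUser();
        if (user == null) {
            throw new IOException("No signed-in Firebase user");
        }
        try {
            // Tasks.await() blocks and must not run on the main thread, so issue
            // calls with enqueue() or from a background thread.
            String idToken = Tasks.await(user.getIdToken(forceRefresh), 10, TimeUnit.SECONDS).getToken();
            return original.newBuilder().header("Authorization", "Bearer " + idToken).build();
        } catch (ExecutionException | TimeoutException e) {
            throw new IOException("Could not obtain Firebase ID token", e);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new IOException("Interrupted while obtaining Firebase ID token", e);
        }
    }
}
```

Register it once with `new OkHttpClient.Builder().addInterceptor(new IdTokenInterceptor()).build()`; no `IdTokenListener` is needed for this path, because the token is read at the moment of each request.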