0

I am following the login with Facebook example for my app from here.

I have a question regarding one of the login test cases as mentioned on facebook. Here is the scenario:

  1. First time user comes, sees the login to facebook button
  2. Successfully logs in, sees and approves the facebook(fb) app permission screen, and I get the authdata, and some other info
  3. User closes the app
  4. User directly goes on Facebook and revokes the access to the fb app, approved in Step 2.
  5. User opens the mobile app, and still able to use it, without getting the facebook login button..?

Ideally I would like to see the login button again. How do we handle such a scenario with Firebase and Facebook together? Do I need to check something on every app restart and what all things I need to clear before new login starts?

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
duskandawn
  • 646
  • 1
  • 10
  • 19
  • Posted here too: https://github.com/firebase/firebase-login-demo-android/issues/17. My feedback from there: "Good question. Once a token has been granted, you cannot revoke that token. If you think this is a serious problem for your application, the best you can do is set a short Session Length in the Login & Auth tab of your App's dashboard." – Frank van Puffelen Jul 17 '15 at 16:22
  • Also see http://stackoverflow.com/questions/21560336/how-to-revoke-an-authentication-token, http://stackoverflow.com/questions/19377172/firebase-authentication-not-revoked-when-user-deleted and https://groups.google.com/forum/#!searchin/firebase-talk/revoke/firebase-talk/Th0HZs_jBNc/QO8xjOOjoU4J – Frank van Puffelen Jul 17 '15 at 16:25

0 Answers0