In Firebase 9.0.0 API, how to check the user has valid Auth session or not?

Question

In legacy Firebase API, I was using "mFirebase.getAuth().getExpires()" to validate the user session. But in new Firebase 9.0.0 API, I couldn't find such validation.

Right now I'm checking the availability of Auth session as below,

public static boolean hasValidAuthToken() {
    return FirebaseAuth.getInstance().getCurrentUser() != null ? true : false;
}

How can I handle this, if the token got expired?

Update: Actually I'm doing custom Authentication. Having Firebase server sdk(java) at server side. By default, auth token will get expire after 1 hour.

Getting following error after token expired,

D/ConnectionRetryHelper: Scheduling retry in 398ms
D/PersistentConnection: pc_0 - Trying to fetch auth token
D/PersistentConnection: pc_0 - Error fetching token: An internal error has occured. [ Internal error. ]
D/PersistentConnection: pc_0 - Scheduling connection attempt

How can I handle this scenario?

Thanks in advance!

I've logged this issue in Firebase Github page, [Why the expiry time of Firebase custom auth token is limited to max 1Hr(3600sec) ?](https://github.com/firebase/quickstart-android/issues/31) — Karthi R, Jun 11 '16 at 02:43

score 2 · Answer 1 · answered May 24 '16 at 17:44

2

The check you are doing should be sufficient for interacting with Firebase Database or Storage, tokens are automatically refreshed by the Authentication SDK.

answered May 24 '16 at 17:44

Sam Stern

24,624
13
93
124

Thanks for your help. Actually I'm doing custom Authentication. I've updated my question along with error. – Karthi R May 25 '16 at 07:28

score 2 · Answer 2 · answered Jun 10 '16 at 08:26

2

Firebase latest version has an error to keep the token "fresh".

In this discussion a Google developer shared a guide to solve this problem.

Guide: https://drive.google.com/file/d/0B94LePkXiqa6SXVFd3N1NzJHX1E/view

It worked for me.

answered Jun 10 '16 at 08:26

Luan Barbosa

462
4
16

3

Always try to put the solution in the answer, links might be dead. – Otávio Jun 10 '16 at 11:53
Thanks for your update! Are you doing **custom Authentication** ? – Karthi R Jun 11 '16 at 02:31
No. In my case I only use Anonymous Authentication check, so that only app users can use my database. – Luan Barbosa Jun 13 '16 at 06:43

score 2 · Answer 3 · answered Jul 22 '16 at 06:04

FirebaseAuth.getInstance().getCurrentUser() will return null if the is not authenticated with Firebase. This will happen if the user has signed out, or was never signed in.

The JWT generated server-side for a custom auth has a max lifespan of 60 minutes. If you haven't used it to authenticate the user to Firebase before then, I expect you will see an error like you have mentioned.

Try submitting the token to Firebase before it expires (ie less than 1hr after you generate it). If you haven't auth'd the user against Firebase before then, you will need to get your server to custom generate another token.

See https://firebase.google.com/docs/auth/android/custom-auth for how to submit the custom token to Firebase and authenticate the user.

In Firebase 9.0.0 API, how to check the user has valid Auth session or not?

3 Answers3

Linked