1

According to the docs certain actions (such as Delete a user) require the user to have recently signed in. How does one know before the action if the user has recently signed in? Is there anything in the object returned by firebase.auth().currentUser that indicates whether a user recently signed in?

Edit: To explain futher, it is possible for a user to be signed in and for firebase.auth().currentUser to return valid user data but the user may have signed in before a certain time period (I don't what that is exactly) and this flags the user as "not signed in recently" and thus cannot perform certain actions (see above) without re-authenticating using user.reauthenticate(credential)

camden_kid
  • 12,591
  • 11
  • 52
  • 88
  • yes it returns currently logged In user – Zaid Mirza Oct 29 '16 at 06:11
  • The thing is the Firebase Auth backend could change that duration at will. The recommended way is to catch that specific error and call reauthenticate on the user when that happens. – bojeil Oct 31 '16 at 05:03
  • @bojeil I somehow think a call like user.recentlySignedIn() would be better than knowing the user hasn't recently signed with an error to a call like delete. For example, one may want to do some clearing up elsewhere before doing the delete. – camden_kid Oct 31 '16 at 07:19

2 Answers2

1

It seems like a good practice with Firebase users is to use their Auth class for sign-ins and basic info (provider, etc.) then store actual user data, by user ID, in a separate Users table. We've used this setup in our medium-sized app and store info like last_logged_in, updated_at, and created_at. Added benefit of this is you can query on it like in this answer.

This would certainly allow you to query last_logged_in on a user to determine if they had signed in recently.

Community
  • 1
  • 1
imjared
  • 19,492
  • 4
  • 49
  • 72
  • 1
    It seems a bit odd to me to link the database with Auth in such a way. Also, how do you know what time frame is considered "recently"? – camden_kid Oct 29 '16 at 19:13
  • I'd just think of it like a relationship. It has worked well for us but YMMV. As for the "recently" timeframe, I have no idea what that is and find it odd that the docs don't say but that wasn't really the original question. – imjared Oct 29 '16 at 23:42
-1

The recommended way to get the current user is by setting an observer on the Auth object:

https://firebase.google.com/docs/auth/web/manage-users#get_the_currently_signed-in_user

You can observe on user state. And when he signs in/signs out you will be notified. 

firebase.auth().onAuthStateChanged(function(user) {
  if (user) {
    // User has recently signed in.
  } else {
    // No user has recently signed out.
  }
});
Zura Sekhniashvili
  • 1,147
  • 7
  • 19
  • Thanks but a currently signed in user can also not be recently signed in. :-) Check the docs linked in my question. – camden_kid Oct 29 '16 at 13:14