2

I'm using web firebase javascript to authenticate by email and password. This process generates a token which I use to verify on my nodejs backend using firebase-admin. Once this token is generated, I store it on the browser local/session storage.

The front end is AngularJs which I intercept the http request to inject the token stored within the browser.

This is working fine, however after a while this token expire. So what would be the best way to refresh this token before it sends to the nodejs api?

Note: should I requet the currentUser.getToken() every request?

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
Caco
  • 121
  • 1
  • 2
  • 4

1 Answers1

10

The currentUser.getIdToken() only refreshes the token when the current token has expired! So it doesn't create unneeded traffic or requests to Firebase!

firebase.auth().currentUser.getIdToken(true) // here we force a refresh
.then(function(token) {
  // ... do stuff!
}).catch(function(error) {
  if (error) throw error
});

You'll see that I added true as an argument to the getIdToken() function. This forces a refresh!

Here is the Firebase Documentation for the getIdToken() function.

I hope that helps!

uhfocuz
  • 3,178
  • 2
  • 13
  • 27
jsnns
  • 109
  • 3
  • 4
    I think you have it backwards. The documentation states that if forceRefresh is true, then it will refresh regardless of expiration. Skipping the forceRefrsh parameter (default false) will return the same token until it has expired, and then provide a new one. – willbattel Sep 25 '17 at 00:11
  • it looks like you can't specify that paramerter any more.. I'm using [4.4.0 JS SDK](https://github.com/firebase/firebase-js-sdk/blob/master/src/messaging/controllers/window-controller.ts) – peval27 Sep 30 '17 at 17:14
  • @jsnns So no any possibilities to force refresh token? My app has 4 way of login(Fb, Google, SMS, Email) and once user changed on same device token still not updated. Guess i need look to Custom Token side? – Fikret Aug 27 '19 at 12:02
  • @Fikret the latest version of Firebase documentation indicates that the `forceRefresh` parameter still exists. – jsnns Aug 28 '19 at 13:09