3

I'm using Sign-in with Google method to sign-in a user in my app.

Problems - Update:

  1. If I uninstall the app (after sign-out or without sign-out) and re-install the app, FirebaseAuth.getInstance().getCurrentUser() comes non-null. So, the user gets access to the account.

  2. I even tried by clearing the app data, the problem still exists.

The app was working fine before adding 'FirebaseInstanceIdService' and 'FirebaseMessagingService' services. Means, it was signing-out automatically after uninstalling.

Manifest.xml

    <meta-data   
android:name="com.google.firebase.messaging.default_notification_channel_id"
        android:value="@string/default_notification_channel_id"/>
    <meta-data android:name="firebase_messaging_auto_init_enabled"
        android:value="false" />
    <meta-data android:name="firebase_analytics_collection_enabled"
        android:value="false" />

....

<service
        android:name=".services.MyFirebaseMessagingService"
        android:exported="false">
        <intent-filter>
            <action android:name="com.google.firebase.MESSAGING_EVENT"/>
        </intent-filter>
    </service>

    <service
        android:name=".services.MyFirebaseInstanceIDService"
        android:exported="false">
        <intent-filter>
            <action android:name="com.google.firebase.INSTANCE_ID_EVENT"/>
        </intent-filter>
    </service>

....

MyFirebaseMessagingService.class

public class MyFirebaseMessagingService extends FirebaseMessagingService {

private static final String TAG = "MessagingService";

@Override
public void onMessageReceived(RemoteMessage remoteMessage) {
    super.onMessageReceived(remoteMessage);

    Log.e(TAG, String.valueOf(remoteMessage));
}
}

MyFirebaseInstanceIDService.class

public class MyFirebaseInstanceIDService extends FirebaseInstanceIdService {

private static final String TAG = "InstanceIdService";

@Override
public void onTokenRefresh() {
    super.onTokenRefresh();

    if (FirebaseAuth.getInstance().getCurrentUser() == null){
        return;
    }

    String tokenId = FirebaseInstanceId.getInstance().getToken();

    saveTokenIdToDatabase(tokenId);
}
}

signOutAccount method

private void signOutAccount(){

FirebaseAuth.getInstance.signOut();

            Intent intent = new Intent(getApplicationContext(), LoginActivity.class);
            intent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TOP);
            intent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TASK);
            startActivity(intent);
            finishAffinity();
}
pratiked
  • 1,712
  • 1
  • 11
  • 18
  • Are you using Smart Lock? If so, firebase automatically log in your Google account even if is a fresh install – GuilhermeFGL May 09 '18 at 19:00
  • try this `FirebaseAuth.AuthStateListener authListener = new FirebaseAuth.AuthStateListener() { @Override public void onAuthStateChanged(@NonNull FirebaseAuth firebaseAuth) { FirebaseUser user = firebaseAuth.getCurrentUser(); if (user == null) { // user auth state is changed - user is null // launch login activity startActivity(new Intent(MainActivity.this, LoginActivity.class)); finish(); } } };` –  May 09 '18 at 21:01
  • @GuilhermeFGL No smart lock. I haven't even changed my testing device. It is happening after I worked on FirebaseMessagingService – pratiked May 10 '18 at 04:18
  • @D.'s No, it's not working. – pratiked May 10 '18 at 05:56
  • can you please remove this `if (FirebaseAuth.getInstance().getCurrentUser() == null){ return; }` –  May 10 '18 at 11:52
  • @Eminem Still not working – pratiked May 11 '18 at 15:58

1 Answers1

11

You're not the only one struggling with it. I had similar issue. After reinstalling (or updating) the app, in BaseActivity I checked if user is logged in. And he was.. FirebaseAuth.getInstance().getCurrentUser() returned non-null value. So when I used the uid to get data from firebase database I got a mess - some random items.

Also note, that I could reproduce it only on some devices. For examples, I got non-null value on Nexus 5x but not on Oneplue 3t (8.0.0).

After some investigation I found out several interesting facts.

Fact #1 (docs)

There are some cases where getCurrentUser will return a non-null FirebaseUser but the underlying token is not valid.

In fact, when getCurrentUser() != null you can't be sure that user is actually signed in. My conclusion was, I can't rely on getCurrentUser and I should reconsider the way how I check if user logged in (as an option).

Fact #2

Android app sometimes remembers its data after reinstalling the app, because of automatic backup. See the post for more details.

Solution

<application
  android:allowBackup="false"
  android:fullBackupContent="false"
  ...>

I set android:allowBackup and android:fullBackupContent to false. So when I reinstall the app (or update it), firebase current user is null.

Andrew
  • 2,438
  • 1
  • 22
  • 35
  • regarding Fact 1, immediately after firebase init, I awaited the get jwt method with force refresh = true. not sure the line in Android but in Flutter `await FirebaseAuth.instance.currentUser?.getIdToken(true);` this set current user to the correct state. – g2server Aug 04 '22 at 01:57