3

I started playing with a simple emailAndPassword authentication. I was able to create a user and sign-in. Then I went to the firebase console and deleted the user. Isn't that supposed to log-out in all devices? I still receiving the logged-in user in onAuthStateChanged() and firebase.auth().currentUser. I am missing something? I am getting the full user info, even that doesnt exist anymore in the users table.

I am using react-native-firebase bindings

Spmbx
  • 33
  • 3

1 Answers1

5

Firebase Authentication tokens are valid for one hour and cached on the user's device. It is automatically refreshed by the client SDK. Deleting the account doesn't proactively reach out to all the user's devices to delete the token.

However, if you then try to read or write data that requires authentication, that should fail when using the cached token.

Doug Stevenson
  • 297,357
  • 32
  • 422
  • 441
  • 4
    Thanks, I am way more than an hour logged-in (about 12 hours), that may be a client sdk issue. But if data reads that requires authentication fails (will test it), it solves my problem. – Spmbx Jun 08 '18 at 18:12
  • https://firebase.google.com/docs/auth/admin/manage-sessions "Firebase ID tokens are short lived and last for an hour" – Doug Stevenson Jun 08 '18 at 18:20
  • I am also experiencing a Firebase ID token remaining on a device for 12 hours now. Having to pause testing of login flow for the token to expire but I don't know how much longer to wait. – jwehrle Sep 11 '21 at 16:02