2

I'm working on a very uncritical project. Therefore I want to have the best possible user experience during authentication, meaning: log in once and stay logged in forever.

I managed to get Firebase authentication working. However, the token expires after one hour.

I read that the refresh token never expires (see here). Therefore I thought of putting it in the local storage and using it to retrieve a new access token. Is that correct?

If this was the case: why is there no

this.afAuth.auth.getTokenWithRefreshToken()

Do I need to use

this.afAuth.auth.signInWithCustomToken(MyRefreshTokenFromLocalStorage)

this function?

What does setting the persistence to LOCAL actually do? In the docs it says you will be logged in forever (even if the browser is closed and reopened), but that's not true? "This includes the ability to specify whether a signed in user should be indefinitely persisted until explicit sign out, cleared when the window is closed or cleared on page reload." (Firebase docs)

I tried quite a few things, including a third-party auth provider, but I never know if it's not working or if I'm not smart enough. So if someone could give me a direction on what might work and where I could focus my trial and error, I'd be super happy.

ReyAnthonyRenacia
Klops

3 Answers

2

This thread says the problem is configuration in GCP https://groups.google.com/g/firebase-talk/c/9q6jQKtZyEg but does not elaborate

It turned out to be a GCP API configuration issue. The Token Service API must not be restricted, to allow the token to be refreshed.

After more search, I got this https://github.com/firebase/firebase-js-sdk/issues/497#issuecomment-375500476

You need to add "Token Service API" to the list of restrictions for your API KEY in APIs & Services/Credentials at GCP console.

0

You do need to retrieve the refresh token yourself. User.prototype.getIdToken will check if the token expires; if not, it returns the token, otherwise it uses the refresh token to exchange a new ID token for you.

For persistence, there is a doc here: https://firebase.google.com/docs/auth/web/auth-state-persistence

Local basically means the sign-in state persists until you explicitly sign out, and also that the state persists across tabs.

Ti Wang
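A simplified model of the reuse-or-refresh behaviour that the answer above describes for getIdToken, as an added example that is not part of any answer here and is not the Firebase SDK's code. The names makeToken, exchange and the session object are hypothetical, the tokens are constructed and unsigned, and Node.js is assumed for Buffer.

```javascript
// Simplified model of the reuse-or-refresh behaviour; not the Firebase SDK's source.
// makeToken(), exchange() and the session object are hypothetical stand-ins.

// Build a constructed, unsigned JWT-shaped string carrying only an `exp` claim.
function makeToken(expSeconds) {
  const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${b64url({ alg: 'none' })}.${b64url({ exp: expSeconds })}.constructed`;
}

// Read the `exp` claim (seconds since epoch) from the payload, without verifying it.
function expiryOf(idToken) {
  const payload = idToken.split('.')[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(payload, 'base64').toString('utf8')).exp;
}

// True when the token has expired or will expire within `skewSeconds`.
function needsRefresh(idToken, nowSeconds, skewSeconds = 30) {
  return expiryOf(idToken) - skewSeconds <= nowSeconds;
}

// Return the cached ID token while it is valid; otherwise exchange the refresh
// token for a new ID token and cache that. Callers only ever see the ID token.
async function getIdToken(session, exchange, nowSeconds) {
  if (needsRefresh(session.idToken, nowSeconds)) {
    session.idToken = await exchange(session.refreshToken);
    session.refreshCount += 1;
  }
  return session.idToken;
}

// Constructed scenario: sign-in at t=0 with an ID token lifetime of one hour.
async function demo() {
  const session = { idToken: makeToken(3600), refreshToken: 'constructed-refresh-token', refreshCount: 0 };
  let now = 0;
  const exchange = async (_refreshToken) => makeToken(now + 3600); // stand-in for the token endpoint
  now = 600;   // 10 minutes in: the cached token is reused
  const early = await getIdToken(session, exchange, now);
  now = 4000;  // past one hour: the token is refreshed transparently
  const late = await getIdToken(session, exchange, now);
  return { reused: early === makeToken(3600), newExp: expiryOf(late), refreshCount: session.refreshCount };
}
```

In this model the one-hour expiry only affects the cached ID token; the session survives it because each call re-checks `exp` and refreshes when needed.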
0
firebase.auth.Auth.Persistence.LOCAL

'local' Indicates that the state will be persisted even when the browser window is closed or the activity is destroyed in React Native. An explicit sign out is needed to clear that state. Note that Firebase Auth web sessions are single host origin and will be persisted for a single domain only.

firebase.auth.Auth.Persistence.SESSION

'session' Indicates that the state will only persist in the current session or tab, and will be cleared when the tab or window in which the user authenticated is closed. Applies only to web apps.

firebase.auth.Auth.Persistence.NONE

'none' Indicates that the state will only be stored in memory and will be cleared when the window or activity is refreshed.

Chukwuemeka Maduekwe