
I am using the Firebase client SDK to log in with the signInWithEmailAndPassword method on my server. Now I also want to unauth/log out the user from the server (Admin SDK) code. I tried the following code, but the old token is still working. What can we do? Will the custom token work in this case? Basically, I want to manage user login and logout on my server rather than depend on the Firebase client SDK.

```javascript
FirebaseAdmin.auth().revokeRefreshTokens(uid)
  .then(() => {
    return FirebaseAdmin.auth().getUser(uid);
  })
  .then((userRecord) => {
    return new Date(userRecord.tokensValidAfterTime).getTime() / 1000;
  })
  .then((timestamp) => {
    // return valid response to iOS app to continue the user's login process
  });
```
Frank van Puffelen
Navneet Garg
  • You can't log out a user via the Admin SDK, like it's pointed out by Frank van Puffelen in this post. But there is also a workaround that seems to work, I guess. https://stackoverflow.com/questions/53087895/how-to-force-logout-firebase-auth-user-from-app-remotely – Constantin Beer Sep 13 '19 at 06:53
  • Possible duplicate of [How to force logout firebase auth user from app remotely](https://stackoverflow.com/questions/53087895/how-to-force-logout-firebase-auth-user-from-app-remotely) – Constantin Beer Sep 13 '19 at 06:54
  • I am not using Firebase store or DB; I just want to use the auth system in Node.js – Navneet Garg Sep 13 '19 at 07:46
  • @ConstantinBeer I am using the Node.js SDK and not using any Firebase database or store database – Navneet Garg Sep 13 '19 at 09:14
  • When an ID token is minted it gets a certain expiration date (default is one hour). There is no way to revoke an already minted token before it expires. That's why developers with your use-case will typically implement a lockout system in the backend they are trying to protect. In the example Constantin linked that is a Firebase database, but you could implement the same in other systems too. What isn't possible however is kicking a specific user out of Firebase Authentication before their ID token has expired. – Frank van Puffelen Sep 13 '19 at 14:10
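
The backend lockout described in the last comment, sketched as an added example (not code from the question, the commenters, or Firebase): the server records a per-user "valid after" time at logout and rejects any still-unexpired ID token whose `auth_time` is older. `LockoutStore`, `checkToken` and the claim values are hypothetical and constructed; in a real server the claims come from the Admin SDK's `verifyIdToken`, whose `checkRevoked` argument performs the same comparison against `tokensValidAfterTime`.

```javascript
// Added example: server-side lockout for ID tokens that are already minted.
// LockoutStore and checkToken are hypothetical names; all claims are constructed.
class LockoutStore {
  constructor() {
    // uid -> epoch seconds; in-memory for the demo, a shared store in production.
    this.validAfter = new Map();
  }
  // Record a server-side logout (call it alongside revokeRefreshTokens(uid)).
  logout(uid, nowSec) {
    this.validAfter.set(uid, nowSec);
  }
  validAfterFor(uid) {
    return this.validAfter.has(uid) ? this.validAfter.get(uid) : 0;
  }
}

// claims: payload of an ID token whose signature was already verified.
function checkToken(store, claims, nowSec) {
  const { uid, auth_time: authTime, exp } = claims || {};
  if (typeof uid !== 'string' || !Number.isFinite(authTime) || !Number.isFinite(exp)) {
    return 'malformed';
  }
  if (exp <= nowSec) return 'expired';
  // auth_time is the original sign-in time and survives token refreshes,
  // so every token from a session older than the logout is rejected.
  if (authTime < store.validAfterFor(uid)) return 'revoked';
  return 'valid';
}

// Constructed timeline, times in seconds, tokens live for one hour.
function demo() {
  const store = new LockoutStore();
  const oldToken = { uid: 'alice', auth_time: 1000, exp: 4600 };
  const bobToken = { uid: 'bob', auth_time: 1200, exp: 4800 };
  const before = checkToken(store, oldToken, 1500);
  store.logout('alice', 1600);
  const newToken = { uid: 'alice', auth_time: 1800, exp: 5400 };
  return {
    before,
    afterLogout: checkToken(store, oldToken, 1700),
    otherUser: checkToken(store, bobToken, 1700),
    reLogin: checkToken(store, newToken, 1900),
    pastExpiry: checkToken(store, oldToken, 4600),
  };
}

console.log(demo());
```

The check has to run on every protected request, since the old ID token keeps passing signature and expiry validation until its hour is up.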

0 Answers