1

I would be curious to know how the application code should handle the revoking of Notification permission token in conjunction with Firebase Cloud Messaging (FCM). The question is partially similar to this post/answer although their case does not include FCM.

So we have the following scenario:

  1. The app does not require users to log in (hence the tokens we store in a database are anonymous, not associated with any uid)

  2. The app offers a set of opt-in/opt-out buttons to grant and revoke Notification permission.

  3. The app collects the tokens in the database, for later use by sendToDevice(tokens, notifcation) in firebase functions.

  4. The app persists the token after the token has been issued (getToken) or refreshed (onTokenRefresh) by utilizing localStorage in order to later supply it to deleteToken(token) and also to indicate in UI the current status of notification subscription.

  5. Now, user chooses to revoke permission that had once been granted - if they do so cleanly (via the opt-out button), the deleteToken(token) method is invoked and the appropriate local storage item is cleared. Everything should be in sync and FCM will no longer send to this user.

  6. Question What if user clears all permissions or local storage in a more administrative/bulk way, on global browser scope. The things get then out of sync. The token disappears from the browser and UI is going to show opted out, but the token has not been deleted from database, therefore it is still valid and the user is going to keep getting the notifications. The result of the sending will not contain any error for this user, so we will not be able to recognize the situation and remove the token.

What is the most common practice here? Are anonymous notifications discouraged? Am I missing anything in my understanding of Notification and FCM?

user776686
  • 7,933
  • 14
  • 71
  • 124

1 Answers1

0

The token will eventually become invalid. You will be able to tell because sending a message to that token will yield an error code of "error:NotRegistered". From the linked documentation:

An existing registration token may cease to be valid in a number of scenarios, including:

  • If the client app unregisters with FCM.
  • If the client app is automatically unregistered, which can happen if the user uninstalls the application. For example, on iOS, if the APNS Feedback Service reported the APNS token as invalid.
  • If the registration token expires (for example, Google might decide to refresh registration tokens, or the APNS token has expired for iOS devices).
  • If the client app is updated but the new version is not configured to receive messages.

For all these cases, remove this registration token from the app server and stop using it to send messages.

It will be something similar if you're using the Admin SDK or a different version of the FCM server API to send the message.

While you might not receive immediate feedback about this, you will eventually get this error message, and that's your clue to remove it from your database.

Doug Stevenson
  • 297,357
  • 32
  • 422
  • 441