0

Our app provide multi devices sync feature.

A same Google account, with multiple devices, will have multiple Firebase token Id

FirebaseInstanceId.getInstance().getInstanceId()

Over the time, a Firebase token Id from a same device might become invalid/ expired, and being refreshed with a new Firebase token Id.

In our backend, this is how we check our stored Firebase token Id, to determine whether they are still valid.

def is_valid_token(token):    

    try:
        failure_counter = 0

        while True:
            if failure_counter >= 3:
                return False        

            body = '{"dry_run": true, "registration_ids":["' + token + '"]}'
            req = urllib.request.Request('https://fcm.googleapis.com/fcm/send')
            req.add_header('Content-Type', 'application/json')
            req.add_header('Authorization', 'key=' + constants.FCM_AUTHORIZATION_KEY)
            with urllib.request.urlopen(req, body.encode('utf8')) as response:
                string = response.read().decode('utf8')
                d = json.loads(string)

                if d['failure'] == 1:
                    failure_counter = failure_counter + 1
                    continue
                else:
                    return True
    except Exception as e:
        logging.error(e, exc_info=True)

        exc_type, exc_obj, exc_tb = sys.exc_info()

        error = exc_type
        message = str(e)
        line_number = exc_tb.tb_lineno
        filename = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]

        insert_into_error_log(error, message, filename, line_number, token)

    return True

What we did is, we perform a dry_run mode FCM send. If such operation fails for 3 times continuously, we will mark the token as invalid.

However, we notice that such approach isn't accurate enough. As, we have user who only owns 2 devices. However, there are 12 different valid Firebase token id associate with his single Google account.

I was wondering, do you have any reliable approach, to validate a Firebase token id, besides performing dry_run FCM send?

Cheok Yan Cheng
  • 47,586
  • 132
  • 466
  • 875
  • Did you try authenticating via the Firebase Admin SDK? https://firebase.google.com/docs/auth/admin/verify-id-tokens#verify_id_tokens_using_the_firebase_admin_sdk – vepzfe Apr 21 '20 at 08:31
  • But, I thought `FirebaseInstanceId.getInstance().getInstanceId()` and `FirebaseAuth.getInstance().getCurrentUser().getIdToken()` (As shown in Firebase Admin SDK example) are 2 different things? – Cheok Yan Cheng Apr 21 '20 at 11:57
  • Yeah, you're right. https://stackoverflow.com/a/54390981/3090120. InstanceId represents a device and IdToken represents a user. So I think you need not worry about validating the instanceId, because when its updated the app will get a call via onNewToken and you can update then on your backend. – vepzfe Apr 21 '20 at 12:02
  • The problem is, when user send a new Token via onNewToken, you still cannot decide whether you should mark the user previous token as invalid. This is because, you cannot decide whether the new incoming token, is coming from a new device, or an existing old device. – Cheok Yan Cheng Apr 21 '20 at 12:07
  • Did you try this? https://stackoverflow.com/a/45697880/3090120 – vepzfe Apr 21 '20 at 12:13
  • Yes. I'm doing the same thing. – Cheok Yan Cheng Apr 21 '20 at 12:30
  • Is not sending `"dry_run" : true` not a different request? – vepzfe Apr 21 '20 at 12:37

0 Answers0