I'm trying to prevent users with deleted accounts on Firebase Auth from accessing my Flutter app. However, I noticed that even after I deleted their account, they could still access the app. I tried to print to the console and noticed that even though the account was deleted on Firebase Auth, it somehow still exists on the client's machine. I wrote the test condition statement inside the main function as follows:

  final auth = FirebaseAuth.instance;
  final user = auth.currentUser;
  await DefaultCacheManager().emptyCache();
  if (auth.currentUser == null) {
    runApp(MyApp(initialScreen: LoginPage()));
    dev.log('user:$user');
  } else {
    runApp(const MyApp(
      initialScreen: MyHomePage(title: 'Home'),
    ));
    dev.log('user:$user');
  }
Mofidul Islam
Kaovodich

1 Answer

When a user signs into Firebase Authentication, they get an ID token that is valid for one hour. During that time Firebase assumes that the information in the token is valid.

If you want to disallow actions from the user before that ID token expires, you'll have to either track their UID or the ID token itself. For a good explanation of this, and how to implement it, see the Firebase documentation on managing user sessions.

Also see:

Frank van Puffelen
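
The UID tracking described in the answer above, sketched as an added example (not code from the answer or from Firebase): a server-side check that runs after the ID token's signature has been verified and rejects a still-unexpired token once its UID has been recorded as deleted or revoked. `RevocationStore`, `checkSession`, the sample UIDs and the timestamps are hypothetical names and constructed values; `sub`, `auth_time` and `exp` are the claims carried in the ID token.

```javascript
// Added example: models the server-side decision only. `claims` is the payload
// of an ID token whose signature was already verified elsewhere.
class RevocationStore { // hypothetical name
  constructor() { this.revokedAt = new Map(); } // uid -> epoch seconds
  revoke(uid, nowSec) { this.revokedAt.set(uid, nowSec); }
  get(uid) { return this.revokedAt.get(uid); }
}

function checkSession(claims, store, nowSec) { // hypothetical name
  if (typeof claims.sub !== 'string' || claims.sub === '') {
    return { allowed: false, reason: 'missing-uid' };
  }
  if (!Number.isFinite(claims.exp) || claims.exp <= nowSec) {
    return { allowed: false, reason: 'expired' };
  }
  if (!Number.isFinite(claims.auth_time)) {
    return { allowed: false, reason: 'missing-auth-time' };
  }
  // Reject any token issued from a sign-in at or before the revocation time.
  const revokedAt = store.get(claims.sub);
  if (revokedAt !== undefined && claims.auth_time <= revokedAt) {
    return { allowed: false, reason: 'revoked' };
  }
  return { allowed: true, reason: 'ok' };
}

// Constructed sample data: two users sign in at T0, one is deleted 10 minutes later.
const T0 = 1700000000;
function demo() {
  const store = new RevocationStore();
  const deleted = { sub: 'uid-deleted', auth_time: T0, exp: T0 + 3600 };
  const active = { sub: 'uid-active', auth_time: T0, exp: T0 + 3600 };
  store.revoke('uid-deleted', T0 + 600); // recorded when the account is deleted
  const now = T0 + 900;                  // request arrives 5 minutes after deletion
  return {
    expiryOnly: deleted.exp > now,       // an expiry-only check still accepts the token
    deleted: checkSession(deleted, store, now),
    active: checkSession(active, store, now),
    afterHour: checkSession(active, store, T0 + 3600),
  };
}
console.log(demo());
```

The store has to be written at the moment the account is deleted, and every backend that accepts ID tokens has to consult it; a check made only in the app's `main` does not stop requests sent with the cached token.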