I couldn’t find recent discussion on this topic. Moderator feel free to point me to a better place to research this if that’s the case.
I’m using Firebase Authentication on my app and having success loging in my users both with Google and E-mail providers. But the token expires every hour, so I need to redirect the user back to the login screen too often. This is hurting user experience.
I couldn’t find anything on the default firebase-auth extension to retrieve or use refresh tokens. I found an old archive that contained an extension by “mirxterm” for Firebase Authentication that provides refresh token after login and includes a block to login with refresh tokens. I guess that’s what I need. But after downloading this extension and trying to use it I always get an “invalid API key” message back from the login method, even tho I’ve entered the correct “current-key” value from my “google-services.json” file downloaded from the credentials page in Google Api / Firebase.
I guess maybe this old “mirxterm” extension isn’t working anymore?
My question for the community is if anyone has any idea on how I could approach this problem. Is there any way to solve this with the default firebase-auth extension? Maybe one of you guys solved this in a project of yours and could point me in the right direction.
You can save your information to tiny dp on the first login, so you can control it with tiny and I think this problem will disappear. when the user logs out, you clear the tag
Yes, however this may not keep track of admin activities that you impose in the Firebase dashboard, for example, when you suspend a user in the Authentication board, the user would still be able to log in. It would be a good idea to use TinyDB to save the email and the password, and when the user opens the app, the app automatically logs in and sees if the user is available or not.
Yes, you’re right, the administrator can open a server separately for its activities, for example, it makes a ban list and compares the stored data with this list before each screen is opened.
That might be a solution for email/password login, but I also intend to use login providers like Google and Facebook. In those cases, storing any login data locally becomes impossible since all login is handled internally by the smartphone itself.
I think the best practice would be to use the specification provided tools (Oauth2/OpenID Connect, in this case). That’s why I though of using refresh tokens as a secure and definitive way to solve this, despite the login method user choose.
I saw someone suggesting me of using Firebase Auth REST API directly from Kodular web component instead of the Firebase Authentication extension. I’m currently studying that to see if I’ll be able of doing it.
If anyone need this in the future, TIMAI2 has suggested me this wonderfull tutorial and it is working flawlessly for me so far. I can authenticate, retrieve refresh token and more using only the standard web component.
The only donwside is it makes more diffcult to use login providers, at least for me since I couldn’t figure out a way to do it. I’m now working only with email/password login. But, since the solution allows you to get and use the refresh token, you can persist user login safely and keep easy to the user by storing credentials locally, so he/she doesn’t have to type email and password everytime. It’s a good compromise between safety and easy of use.