Firebase auth web - keep the user session

[Arsenio Aguirre]

Hi, i see that the user session and token after the user authenticates expire after one hour, after one hour the user is logged out of the application because the token is expired.

How can i keep the user session more than one hour?

Thanks in advance.

Regards,
Arsenio

[Kato Richardson]

Hi Arsenio,

User auth should automatically renew. The way this works internally is that the auth token is "refreshed" (exchanged for a new one) when it expires. 

If you're trying to store the token locally and use it for API calls, then you may want to call getIdToken() each time instead of storing the results, so you're guaranteed a fresh token.

☼, Kato

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/54924088-a7e6-4887-a6c0-912da254dd51%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Kato Richardson |

Developer Programs Eng |

kato...@google.com |

775-235-8398

[Arsenio Aguirre]

Hi Kato, thanks for your reply, i have the next questions about it:

1.- "User auth should automatically renew". Are you talking about create a timer in the client-side and it runs each 55-58 min to renew the token?

2.- I am using the SDK (firebase for frontend and firebase-admin for backend) in my application, when i reload the page it runs on server-side and i lose the user session in the browser but keep the token in a cookie. So firebase.auth().currentUser() is undefined because i lose the user session. How can i keep the user session in the browser if i reload the page?

3.- Is getidtoken() available for server-side?

Thanks in advance.

Regards,
Arsenio

To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/CADypTEYH4%3DKCbPznG9p1i%3DNgqRZDKosQh8UX31_n2Bt6QSF3mA%40mail.gmail.com.

[Kato Richardson]

Comments below...

On Tue, Nov 27, 2018 at 8:18 AM Arsenio Aguirre <aagui...@gmail.com> wrote:

Hi Kato, thanks for your reply, i have the next questions about it:

1.- "User auth should automatically renew". Are you talking about create a timer in the client-side and it runs each 55-58 min to renew the token?

Essentially, yes.

2.- I am using the SDK (firebase for frontend and firebase-admin for backend) in my application, when i reload the page it runs on server-side and i lose the user session in the browser but keep the token in a cookie. So firebase.auth().currentUser() is undefined because i lose the user session. How can i keep the user session in the browser if i reload the page?

You don't need to store anything in cookies. Firebase takes care of this. But you do need to wait for auth to initialize before calling currentUser().  Note that currentUser() should be null rather than undefined in your case.

3.- Is getidtoken() available for server-side?

You don't authenticate as users in the admin SDK, you use verifyIdToken() to validate client credentials only. But when doing so, you'll want to send the latest token.

 

To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/CANE-FxqMWLp8VHY-58scpau-GRj1mRjrgjyb63EoUhYzYKqKBA%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

[Arsenio Aguirre]

Hi Kato, i am seeing in the result of onAuthStateChanged the next values, are they the token, refresh toke and expire date? Can you confirm? Can i use those values?

Thanks in advance.

Regards,

Arsenio

To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/CADypTEYgZ74AcjejBaHRXPsPqYHotGLLzXBrdmi%2B-ig0U0purA%40mail.gmail.com.