Cached inconsistent auth state

[Kasbolat Kumakhov]

I've already created a discussion about cache issues with data (where data is first taken from cache and only after some delay downloaded from database) and i believe this is related.

Steps:

1. create an email/password account in firebase console

2. log in with it from android app (using signInWithEmailAndPassword).

3. close the app (completely, not just "minimize")

4. open firebase console and disable/remove this account

5. launch app again and successfully authorize

By (5) i mean that FirebaseAuth.getInstance().getCurrentUser() returns an active user with an ID and FirebaseAuth.getInstance().addAuthStateListener() does the same.

I waited for some time and onAuthStateChanged() wasn't called with null auth data.

Restarted app for several times - same.

Also tried disabling/removing account while app was running and still haven't received any onAuthStateChanged().

The only thing that helped is clearing the app data from apps menu in android OS.

No local persistance was enabled. Also tried adding keepSynced(true) for root reference - no difference.

All i did was just checking for FirebaseAuth.getInstance().getCurrentUser() on startup and outputing it to log. Same for FirebaseAuth.getInstance().addAuthStateListener().

I'm trying to implement seamless user authentication. That is if the user has authenticated for the first time, then every launch i check for previous auth data (using FirebaseAuth.getInstance().getCurrentUser()).

If the getCurrentUser() returnes correct data, then my app assumes that authentication is successful and goes on.

Perhaps i'm doing something wrong?

Perhaps i need to log with signInWithEmailAndPassword() every time on every launch and not check for cached account?

Here is a snippet:

public FirebaseAuthProvider() {
    firebaseAuth = FirebaseAuth.getInstance();
    firebaseAuth.addAuthStateListener(new FirebaseAuth.AuthStateListener() {
        @Override
        public void onAuthStateChanged(@NonNull FirebaseAuth firebaseAuth) {
            FirebaseUser user = firebaseAuth.getCurrentUser();
            MainApplication.logInfo("DB_AUTH_STATE: " + (user != null));
        }
    });
}

public void startSignIn(AuthListener authListener) {
    MainApplication.logInfo("DB_AUTH_AUTO: " + (firebaseAuth.getCurrentUser() != null));

    FirebaseUser user = firebaseAuth.getCurrentUser();
    if (user != null) {
        authListenerList.add(authListener);
        signedInEvent(user);
    } else {
        startSignInDialog(authListener);
    }
}

Using this code i get "DB_AUTH_STATE: true" and "DB_AUTH_AUTO: true" even if the account was removed/disabled.

[Alfonso Gomez Jordana Manas]

Hello Kasbolat.

FirebaseAuth#getCurrentUser() and FirebaseAuth.AuthStateListener's are local operations. They do not do a remote call to check the most up to date status of the user in the server (they only work with cached data).

User's cached data is updated in many occasions by the SDK (roughly every hour), but if you wish to force a refresh when the app is opened, you can trigger one manually. One way to do so would be to call:

FirebaseAuth#getCurrentUser().getToken(true)

And then, in that API call, handle the exception FirebaseAuthInvalidUserException, which will be thrown if the user is disabled, its credentials are invalid, or the user has been deleted.

Please note: even if this exception is thrown, the user will not be signed out automatically, (this is so you can still access cached data such as their profile information), so make sure you call signOut() explicitly if that is the behavior that you want.

Let me know if this helps or if you have any further questions!

Alfonso

[Kasbolat Kumakhov]

Thanks!

Currently i'm having some troubles building entire procedure in my head (things like session expiration and secondary login without user interruption, etc.).

I'll check what you proposed and will get back to report.

четверг, 28 июля 2016 г., 6:28:49 UTC+3 пользователь Alfonso Gomez Jordana Manas написал: