Custom token expiration

[Dylan Marriott]

With Firebase 2.x I created a custom token and used it in my iOS app. I set an expiration date for 2018. That all worked great.

Now with 3.x it seems the token expires after ~ 24 hours. I don't really want to generate it on a server and fetch it always from the client. Seems a bit over kill for my use case. I don't need the perfect security, as the app goes to a limited audience. All I want is to have some control over what data the iOS app can access with its token. That's why just generating a token that never expires (or doesn't for a few years) was an ideal solution for me.

I've tried generating a token with an expiration date like this, but it didn't work:

console.log(firebase.auth().createCustomToken(id, {expires:1514764800}))

Any ideas how I could get that to work? Or is generating a new token every time and have the clients fetch it from a server the only way to do a simple anonymous authentication?

Thanks!

[boj...@google.com]

Once they login using the custom token, the Firebase exchanged Id token is long lived and is automatically refreshed. You don't need to mint a new custom token on each request. You can verify the Firebase Id token using the backend server libraries and as long as it is valid, you don't to sign in the user again.

[Dylan Marriott]

But I have to always create a new custom token for each client?

With Firebase 2.x I just created one token on machine. I didn't need a server that's online.

That's not possible anymore?

[Alfonso Gomez Jordana Manas]

Hello Dylan!

Alfonso from the Firebase Auth team here.

I'd like to understand a bit better what is your exact use case. You mention in your original post that you wanted to do anonymous auth. is that correct? In that case, is there a reason why using FIRAuth#signInAnonymouslyWithCompletion() may not work for you? (this would save you the need to go through your own server)

[Dylan Marriott]

Hi Alfonso

That seems like the best way to do it, somehow missed it. 

Thanks for the tip!