Firebase 3.x - Token / Session Expiration
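Does anyone know how long it takes for the token to expire? There is currently no option to set the token validity in the console.
In the latest release of Firebase Authentication, login sessions no longer expire. Instead, it uses a combination of long-lived account tokens and short-lived, auto-refreshed access tokens to get the best of both worlds.
If you want to end a user's session, you can call signOut().
It does expire. After one hour logged in, the ID token expires. If you try to verify it, the SDK returns an error: "Error: Firebase ID token has expired. Get a fresh token from your client app and try again. See https://firebase.google.com/docs/auth/server/verify-id-tokens for details on how to retrieve an ID token."
Is there any way to change the expiration time of the Firebase token, not the custom token?
Does anyone know how this works?
For anyone who is still confused, it is all explained in great detail here: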
If your app includes a custom backend server, ID tokens can and should
be used to communicate securely with it. Instead of sending requests
with a user’s raw uid which can be easily spoofed by a malicious
client, send the user's ID token which can be verified via a Firebase
Admin SDK (or even a third-party JWT library if Firebase does not have
an Admin SDK in your language of choice). To facilitate this, the
modern client SDKs provide convenient methods for retrieving ID tokens
for the currently logged-in user. The Admin SDK ensures the ID token
is valid and returns the decoded token, which includes the uid of the
user it belongs to as well as any custom claims added to it.
If the answers above still leave you confused, this is what I did:
firebase.auth().onAuthStateChanged(async user => {
  if (user) {
    // Time of the last sign-in, as Unix seconds
    const lastSignInTime = new Date(user.metadata.lastSignInTime);
    const lastSignInTimeTimeStamp = Math.round(lastSignInTime.getTime() / 1000);
    // Cut-off: 24 hours before now
    const yesterdayTimeStamp = Math.round(new Date().getTime() / 1000) - (24 * 3600);
    // Sign out anyone whose last sign-in is older than 24 hours
    if (lastSignInTimeTimeStamp < yesterdayTimeStamp) {
      await firebase.auth().signOut();
      this.setState({
        loggedIn: false
      });
      return false;
    }
    this.setState({
      loggedIn: true,
      user
    });
  }
});