Home > OS >  Firebase Authentication ( Email & Password ) how to check existing user
Firebase Authentication ( Email & Password ) how to check existing user

Time:12-07

I'm using Firebase Auth in my app. I wrote code in onStart().

private fun checkLogged() {
    if (Firebase.auth.currentUser != null) {
        startActivity(Intent(this@LoginActivity, MainActivity::class.java))
        finish()
    } else {
        auth.signOut()
    }
}

But when I disable or delete this user in the console, It's still logged in. How can I edit code correctly?

CodePudding user response:

When a user is successfully signed in with Firebase, then it receives a token that is valid for about an hour. If you disable a user in the Firebase console, it doesn't mean that the access is restricted too. No, the user can still have access for about an hour. After that period of time, the token that was previously generated needs to be refreshed, but the operation will fail since the user account is disabled. A disabled account cannot get a new token. So the user can still have access until the access will be automatically revoked.

If you want to remove that access before the token expires, then you should consider keeping an additional list of "banned" UIDs and maintaining it over time. For example, you can keep a global array of bannedUIDs in a Firestore document, and add the UID to that array. Then, in your security rules, you can check if that particular UID is banned or not. If that UID exists inside that array, then Firebase servers will reject the operation, otherwise, it can continue to use your app.

Page link:https//www.codepudding.com/os/634251.html

Prev:How to get all documents on a nested firebase collection
Next:Can't seem to get app to upload image to firebase storage from camera
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding