My goal is to logout a user from the web app in the user is logged in another browser.
Example: If the user is logged in chrome and now the user is trying to log in firefox then the user should be logged out from chrome.
Is there a solution to remove only that particular token from firebase
I have already used revokeRefreshTokens method to revoke the tokens. But that won't work because this method will remove all the tokens. Which means also the token in mobile app. So if the user logs into a browser then the user will be logged out from the app. The below code is the one I used
admin.auth().revokeRefreshTokens(uid);
Is there a solution to remove a user token alone from firebase. Thanks in advance.
You have to manage the session. PassportJS have such functions. See this post:
Express.js + Passport.js : How to restrict multiple login by the same user?
Since you are trying to do that with Firebase, here try this:
How to prevent simultaneous logins of the same user with Firebase?
Related
I have succesfully setup a NodeJS web application that uses the Microsoft Graph API. There is only one silly problem.
So if a user wants to use the application, he has to log in first. Thats why the first page of my app is the authentication url of the Microsoft API. After the user has succesfully logged in, he is send to the homepage. Now when the user clicks on logout button, problems begin to appear.
As I have said earlier, the first page of the app is the auth url from Microsoft API. When the user logs out he is send back to that same url, because he is not logged in anymore. While he is being send to the login url, microsoft automatically logs the user back in.
So my question is, is there a way the user isn't logged in autmatically after he signed out?
I know this has to do with the cookies from login.live.com. Because if I delete them I have to mannually sign in again.
The solution is to use prompt parameter. docs.
I just realized I built a web app around a bug.
I use firebase authentication to login the user. Then I use the user-uid from firebase to find the user with the id in mongodb. The connection between firebase and mongodb work but when I close the browser, use a differnt browser or connect to the localserver via phone the user is still logged in. So one user loggs in and every client which is connected to the server is loggd in with the same data unless someone presses "Logout" or the server gets restarted.
I tried to set a persistence with firebase.auth().setPersistence(firebase.auth.Auth.Persistence.SESSION) but then I get the error Error: The current environment does not support the specified persistence type.
Why does the server saves the loggd in user, how can I fix that? :(
For people who landed on this by search engines:
I solved this by recoding the login system to a cookie based authentication.
You can use the tutorial by firebase:
https://firebase.google.com/docs/auth/admin/manage-cookies
I am trying to build a simple project where a user can search a movie from an api and add the selected movie to their "/movies" page, after being logged in.
I am using Nodejs, mongodb, express for backend and vanilla javascript for the front end.
When the user is registered or logged-in I am creating a JWT token and adding the token to the database.
My goal is to redirect them to their home page, which is "/user/movies"
Assume the user has logged in the first time, and it closed the
website, after some time has passed (not enough to expire the token)
the user opened the website again and went to "/user/movies" (which
requires an authentication.)
My question is, how would we still keep authenticated with the user after re-visiting, how can we reach the token that is previously created?
When I use postman, I can manually check the token from the database and enter the Authorization token to header and send a post request to validate the user.
But in the browser, how can I reach my previously created token to validate the user again?
I have tried localStorage but, in order to save token to the
localStorage, I need to take it from the database, but you can't
change localStorage in the backend.
I have tried cookies with http-only flag, but then how can I reach
the token from the front-end, since http-only, restrains from using javascript
What are my options in order to reach a JWT token from the front-end so that I can keep the user still authenticated, even after they close the website and come back later. (not enough to expire the token)
I am very new to how authentication works If I am making a logical mistake please tell me.
You need to send JWT token along with your other data as a response from your login API. Once you receive the response on the front end then just store the JWT Token to the localStorage by "localStorage.setItem("token",response.data.token).
Now you can always reference localStorage.getItem("token") to get the token even user close the browser and comeback again. Please do not forget to clear this localStoage by localStorage.removeItem("token") when user logout.
Also please note to not provide any expiry during the JWT token creation otherwise even you store that locally in localStorage then also it will get expire on server side and give "Forbidden error"
When you authenticate the user for the first time, store the token in the localStorage.
And since localStorage's data never gets deleted on its own, you can listen to the event of DOMContentLoaded where you can retrieve the token from the localStorage and authenticate the user with it, when the page is revisited.
You can read more about localStorage here
I'm a newbie in React Native and struggling in handling the state of authentication in my app.
I'm using Redux and haven't persisted the authentication state to silently log user in yet. I've added Firebase authentication
Basically what I want is when a user signs in, he will be signed out by the app when that same account signs in in a different device.
Or at least, can we disable the activity of the old user ?
Can anyone please guide me stages and requirements in order to achieve this ?
Thanks in advance!
You can not automatically signout the other/old user but check the authentication token while calling any API by the old user.
While you are logging in from a new device just generates an authentication token on firebase. And from the very next pass that token through header while calling any API.
This is the logic.
I am having issues figuring out how to implement the functionality for my current tasks. I will try to explain the situation simply:
The app is an Angular 2 webapp that uses Firebase for authentication. when the app loads up, the user is automatically authenticated anonymously (since we have database and file storage rules that are set to "auth != null".
Then later in the app there is a feature that the user can only use when authenticated through an auth provider (Google). If I try to just sign in with Google it saying that the user is already signed in.
So we can sign out, and then try to authenticate with Google. But then what if the user closes the auth popup box or denies giving the app permissions? Then the user is not authenticated at all!
And if we re-authenticate anonymously if the Google sign-in fails then we have a completely different username (created from the uid) which is very weird UX for the user.
Perhaps I am not thinking about it correctly, but I just don't see any good solution for what I'm trying to do. Hopefully, someone else can find a better solution. Thanks!