Logging Firebase users out after a set period of time.

Image for post
Image for post
Photo by Aron on Unsplash

Some apps, such as banking websites and other data-sensitive applications, force users to re-authenticate after a set period of time. However, the Firebase client SDKs do not have built-in support for such situations. Instead, user sessions generated via Firebase Authentication are indefinite, only ending due to one of the following situations:

  • The user is explicitly signed out via the client-side SDK.
  • The user is disabled.
  • The user is deleted.
  • A major account change is detected, such as an update to the user’s password or email address.
  • The user’s refresh token is revoked via the Firebase Admin SDK.

Although there is no API to specify the duration of Firebase Authentication sessions, there are two methods to enforce such a restriction using a combination of Security Rules and a few lines of client-side logic. …


An overview of the Firebase client SDK authentication model.

I am a former member of the Firebase team, joining before the Google-owned days when Firebase was still a small startup. I no longer work at Google, but I still use Firebase for many projects. Join my mailing list to stay updated on my writing.

Image for post
Image for post
“shallow focus photography of love lock” by Christian Wiediger on Unsplash

As part of expanding to become a unified app platform during Google I/O in May 2016, Firebase ushered in a new set of SDKs. With those new SDKs came a new authentication model which still exists today. Information about the authentication model can be found scattered throughout the official Firebase docs, but there is no good overview on the topic. …

About

Jacob Wenger

I like to build cool stuff. Current Firebase consultant. Formerly software engineer at Firebase, Google, Microsoft.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store