Android Question Firebase token

[Eme Fibonacci]

Scenario:

User do a logon using an account (firebase authentication).

He receives a token. This token is sent to my B4J server and stored on device. Now he has access to my server.

The user comes in contact and say that device has lost. He asks to block access.

If I just block that token the user will be permanently disabled even if he buys a new phone and changes the passwords in his email provider.

I not would able to distinguish new device and old device because both has de same token.

How work arround?

 

[Computersmith64]

I haven't had much to do with Firebase Authentication, but I would have thought that a new token would be issued every time the user logs in. If that's the case, then if the user gets a new device, installs your app & then logs in to his account, he should get a new token - which would make the old one invalid.

I could be wrong, but it should be easy enough for you to test the theory.

- Colin.

 

[KMatle]

The user comes in contact and say that device has lost. He asks to block access.

i don't think that this is critical. The Firebase Auth is based on the logged in Google account on the device.

Let's say you have 2 devices:

1. your phone
2. your tablet

Let's now assume you lose you tablet. What will happen? You will surely change the pw for your Google account.

I did not try but I really believe that you get a new token then. Just try it (change your Google account pw and do a login)