B4J Question FirebaseServer + jRdc2

Alexander Stolte · Jul 7, 2020

With every query to jRDC2, do I have to Verify the user Token?

[server] FirebaseServer - backend verification for signed in users

Users can sign in to your B4A or B4i apps using Google or Facebook with the FirebaseAuth libraries. FirebaseServer completes the puzzle with server side verification of the user. This means that the signed in user gets a token id (long string) from Firebase services by calling...

www.b4x.com

DonManfred · Jul 7, 2020

B4X:

Sub fs_TokenVerified (TokenId As String, Success As Boolean, Token As FirebaseToken)
   If Success Then
     Log(Token.DisplayName)
     Log(Token.Email)
     Log(Token.Uid)
   End If
End Sub

It is up to you to store the successfully check of a token in your DB to do it only if not already verified.

Alexander Stolte · Jul 7, 2020

The problem is, the access token expires every hour, so I have to inquire with every request whether it is still valid?

DonManfred · Jul 7, 2020

how are accesstoken with the firebase instance id token in common?

Alexander Stolte · Jul 7, 2020

DonManfred said:
how are accesstoken with the firebase instance id token in common?

I mean the user "idToken" which the user gets back when he logs in.

Firebase Auth REST API

firebase.google.com

DonManfred · Jul 7, 2020

The FirebaseIdToken is not a AccessToken

The IDToken can change. You need to do a new check on the new token if it changes.

Alexander Stolte · Jul 7, 2020

DonManfred said:
The FirebaseIdToken is not a AccessToken

but a token with which I can ensure that the user is authenticated with his email and password or not?

DonManfred said:
The IDToken can change. You need to do a new check on the new token if it changes.

Thats the problem, so i have to check every time if the token is still valid, if not, i have to say to the app, "renew the token".

Thanks!

Erel · Jul 7, 2020

Alexander Stolte said:
Thats the problem, so i have to check every time if the token is still valid, if not, i have to say to the app, "renew the token".

Why? Once the user is authenticated you can set a flag in the user session object and treat this user as an authenticated user.

DonManfred · Jul 7, 2020

Alexander Stolte said:
that the user is authenticated with his email and password or not?

No!

I do have a Token in any of my apps using Firebasenotification.
This does not imply i did use firebase auth to authenticate myself.

Alexander Stolte · Jul 7, 2020

DonManfred said:
No!

but with what return value then? The "idToken" is different for every user and when I log in again the idToken is also different.

Erel said:
Why? Once the user is authenticated you can set a flag in the user session object and treat this user as an authenticated user.

ok, i'll check it out.

B4J Question FirebaseServer + jRdc2

Alexander Stolte

Expert

[server] FirebaseServer - backend verification for signed in users

DonManfred

Expert

Alexander Stolte

Expert

DonManfred

Expert

Alexander Stolte

Expert

Firebase Auth REST API

DonManfred

Expert

Alexander Stolte

Expert

Erel

B4X founder

DonManfred

Expert

Alexander Stolte

Expert

Similar Threads