匿名用户使用带角度和弹簧引导的 firebase 登录

Question

I am developing an Angular 10 app using spring boot as a server. I want to anonymously login users using firebase, I use this for favorite items etc and I need the user to be logged in before the first backend request. I added angularfire dependency, I sign in the user anonymously and I get the user token as follows:

    this.auth.signInAnonymously()
      .catch(err =>
        //log the error
      );

    this.auth.onAuthStateChanged(user => {
      if (user) {
        const token =  user.getIdToken();

        user.getIdToken(true).then(idToken => {
          this.cookieService.set('Authorization', idToken);
        });
      }
    });

I added the token to the cookies because I want to use it on the backend side (and I don't want to make a filter to add it to every request as a header):

FirebaseToken decodedToken = FirebaseAuth.getInstance().verifyIdToken(authCookie.get().getValue());

My problem is that after a while the token expires and on the backend I receive the following error:

Firebase ID token has expired. Get a fresh ID token and try again

I can't figure out if I can refresh the token from the backend. Is there any way to handle refreshing the token when it expires? (before calling the backend with an expired token)

Can you give me an idea on how to design anonymous login without much delays and without retries?

Best regards

Answer 1

You should add code to listen to change in the ID token, as it gets automatically refreshed every hour. Use onIdTokenChanged

firebase.auth().onIdTokenChanged(function(user) {
  if (user) {
    // User is signed in or token was refreshed.
  }
});

You will need to update your cookie every time the callback triggers due to an ID token change.