当用户离线时,Firebase Auth session 持续多长时间?
[英]How long does a Firebase Auth session last when the user is offline?
问题描述
My App is on Flutter and I am using offline persistence because my users can stay up to 4 hours before having an Internet connection again.
我的应用程序在 Flutter 上,我正在使用离线持久性,因为我的用户最多可以停留 4 小时,然后才能再次连接互联网。 I have read that Refresh Tokens are long-lived and in theory "never expire", however in my tests I have noticed that there is a big difference between IOS and Android sessions:我读过刷新令牌是长期存在的,理论上“永不过期”,但是在我的测试中我注意到 IOS 和 Android 会话之间存在很大差异:
The tests I'm doing are the following:我正在做的测试如下:
- I open the App with Internet Connection and I proceed to authentication process (Firebase Auth behind the lines).我使用 Internet 连接打开应用程序并继续进行身份验证过程(Firebase Auth 后面)。
- I use the App and then activate the Offline mode我使用应用程序,然后激活离线模式
- I Minimize the application我最小化应用程序
- I activate airplane mode so the device doesn't have Internet Connection (Offline Mode)我激活了飞行模式,因此设备没有 Internet 连接(离线模式)
- I check some time later if the App is still within the session, so that I can continue entering data in Offline mode.稍后我检查应用程序是否仍在 session 内,以便我可以继续在离线模式下输入数据。
The results I have so far are:我到目前为止的结果是:
On IOS:在 IOS 上:
The session remains active in offline mode. session 在离线模式下保持活动状态。 I have tested for 75 mins, 120 mins and the last test I did for 4 hours.我已经测试了 75 分钟、120 分钟,最后一次测试了 4 小时。 I couldn't guarantee that the session never expires, but it does seem to be long-lasting.我不能保证 session 永不过期,但它似乎确实是持久的。
On Android:在 Android 上:
The session remains active if I enter before 25 minutes.如果我在 25 分钟之前进入,session 将保持活动状态。
I can keep the session active while offline, as long as I manipulate the App at least once every 25 minutes (I tried a sequence of 5 cycles of 25 minutes)我可以在离线时保持 session 处于活动状态,只要我每 25 分钟至少操作一次应用程序(我尝试了 5 个 25 分钟周期的序列)
If it has been minimized and offline for more than 30 minutes, it asks me again for credentials (which is impossible to get because I am offline)如果已最小化并离线超过 30 分钟,它会再次要求我提供凭据(由于我处于离线状态,因此无法获取)
My questions are:我的问题是:
1. What is the difference in the duration of the offline session after a Firebase authentication when the operating system is IOS or when it is Android? 1. What is the difference in the duration of the offline session after a Firebase authentication when the operating system is IOS or when it is Android?
2. Is there a real measure of how long a Firebase Auth session lasts when the device is offline? 2. 设备离线时,Firebase Auth session 的持续时间是否有真正的衡量标准?
3. Is there a way to modify this parameter to obtain longer sessions? 3. 有没有办法修改这个参数以获得更长的会话? I would like at least 12 hours or it never expires.我想要至少 12 小时,否则它永远不会过期。
ATTACHMENTS:附件:
Test Devices:测试设备:
IOS: Iphone X. IOS Version 14.2 IOS:Iphone X. IOS 版本 14.2
Android: Samsung J2 Android Version 8.1.0 Android:三星 J2 Android 版本 8.1.0
Flutter Code: Flutter 代码:
The way I am authenticating users using a provider is like following:我使用提供程序对用户进行身份验证的方式如下:
class UsuarioProvider {
final FirebaseAuth _firebaseAuth;
DatabaseReference db = FirebaseDatabase.instance.reference();
UsuarioProvider({FirebaseAuth firebaseAuth})
: _firebaseAuth = firebaseAuth ?? FirebaseAuth.instance;
Future <Map<String, dynamic>> signIn(String email, String password) async {
try {
UserCredential result = await FirebaseAuth.instance.signInWithEmailAndPassword(email: email, password: password);
User user = result.user;
return {'ok' : true, 'localId': user.uid, 'email' : user.email};
} catch (e) {
print(e);
return {'ok': false, 'code': '${e.code}', 'mensaje': '${e.message}' };
}
}
The way I'm using to call firebase is:我用来调用 firebase 的方式是:
void main() async {
WidgetsFlutterBinding.ensureInitialized();
await Firebase.initializeApp();
FirebaseDatabase database;
database = FirebaseDatabase.instance;
database.setPersistenceEnabled(true);
database.setPersistenceCacheSizeBytes(10000000);
runApp(MyApp());
}
1 个解决方案
解决方案1
2 已采纳 2020-12-21 19:19:36
How long does a Firebase Auth session last when the user is offline?
Firebase Authentication is based on two tokens: a refresh token that never expires, and an ID token that expires an hour after it's minted and is auto-refreshed by the SDKs. Firebase 身份验证基于两个令牌:一个永不过期的刷新令牌,以及一个在生成后一小时过期并由 SDK 自动刷新的 ID 令牌。
As covered in my answer to your previous question , there is no way to extend an ID token, so if the user is offline it will expire.正如我对您上一个问题的回答中所述,没有办法扩展 ID 令牌,因此如果用户离线,它将过期。 Hence, you should reframe the question from "when does it expire?"因此,您应该从“它何时到期?”重新构建问题。 to "what do the SDKs do when the ID token has expired?"到“当 ID 令牌过期时 SDK 会做什么?”
The database SDK for example will continue to process reads and queue up writes when the user is offline.例如,数据库 SDK 将在用户离线时继续处理读取和排队写入。 If will even continue to do so when the ID token has expired, since the SDK doesn't determine whether authentication is required: the database security rules typically do that.当 ID 令牌过期时,if 甚至会继续这样做,因为 SDK 不会确定是否需要身份验证:数据库安全规则通常会这样做。
When the connection to the server is restored, the database client waits until the ID token is refreshed, before it sends pending writes to the server, to ensure those writes are processed auth an up to date authentication state.当与服务器的连接恢复时,数据库客户端会等到 ID 令牌被刷新,然后才会向服务器发送挂起的写入,以确保这些写入经过最新的身份验证 state 进行处理。
Your problem is not that your authentication session/ID tokens expires, it's that some part of the app or the SDKs on Android is asking the user to re-enter their credentials.您的问题不是您的身份验证会话/ID 令牌过期,而是应用程序的某些部分或 Android 上的 SDK 要求用户重新输入他们的凭据。 Troubleshooting this problem should start with figuring out where that prompt comes from.解决此问题应首先确定该提示的来源。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.