[英]Firebase Authentication ( Email & Password ) how to check existing user
I'm using Firebase Auth in my app.我在我的应用程序中使用 Firebase Auth。 I wrote code in onStart()
.我在onStart()
中编写了代码。
private fun checkLogged() {
if (Firebase.auth.currentUser != null) {
startActivity(Intent(this@LoginActivity, MainActivity::class.java))
finish()
} else {
auth.signOut()
}
}
But when I disable or delete this user in the console, It's still logged in. How can I edit code correctly?但是当我在控制台中禁用或删除该用户时,它仍然处于登录状态。如何正确编辑代码?
When a user is successfully signed in with Firebase, then it receives a token that is valid for about an hour.当用户使用 Firebase 成功登录后,它会收到一个有效期约为一个小时的令牌。 If you disable a user in the Firebase console, it doesn't mean that the access is restricted too.如果您在 Firebase 控制台禁用用户,并不意味着访问也受到限制。 No, the user can still have access for about an hour.不,用户仍然可以访问大约一个小时。 After that period of time, the token that was previously generated needs to be refreshed, but the operation will fail since the user account is disabled.这段时间过后,需要刷新之前生成的令牌,但由于用户帐户被禁用,操作将失败。 A disabled account cannot get a new token.禁用的帐户无法获得新令牌。 So the user can still have access until the access will be automatically revoked.因此,在访问权限被自动撤销之前,用户仍然可以访问。
If you want to remove that access before the token expires, then you should consider keeping an additional list of "banned" UIDs and maintaining it over time.如果你想在令牌过期之前删除该访问权限,那么你应该考虑保留一个额外的“禁止”UID 列表并随着时间的推移维护它。 For example, you can keep a global array of bannedUIDs in a Firestore document, and add the UID to that array.例如,您可以在Firestore文档中保留一个全局的 bannedUID 数组,并将 UID 添加到该数组中。 Then, in your security rules, you can check if that particular UID is banned or not.然后,在您的安全规则中,您可以检查该特定 UID 是否被禁止。 If that UID exists inside that array, then Firebase servers will reject the operation, otherwise, it can continue to use your app.如果该 UID 存在于该数组中,则 Firebase 服务器将拒绝该操作,否则,它可以继续使用您的应用程序。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.