stackoom
  简体   繁体   中英

How should I invalidate user access tokens in AngularFire/Firebase?

 原文  2016-03-03 23:48:34       javascript/ angularjs/ firebase/ angularfire

Question

Context

Using instructions for logging out users found here and here .

I am using AngularFire with AngularJS, and authenticating users with the e-mail & password method.

The Problem

Calling $unauth does not invalidate a user's token: Subsequent calls to $authWithPassword return an identical authentication token.

Note: Tokens invalidate correctly after the expiration time set on the server.

The Code 

angular
    .module('app')
    // Auth Factory
    .factory("Auth", ["$firebaseAuth", "FIREBASE_URI",
        function($firebaseAuth, FIREBASE_URI) {
            var ref = new Firebase(FIREBASE_URI);
            return $firebaseAuth(ref);
        }
    ])

Controller: 

function authenticationCtrl($scope, $state, authService) {
    var authenticationCtrl = this;

    // LOGIN
    var login = function (userObject) {
        authService.loginWithPassword(userObject, function () {
            $state.go('[...]');
        },
        function (errorText) {
            // ERROR
            console.error("Error logging in user:", errorText)
        });
    };

    // LOGOUT
    var logout = function () {
        // Clear locally logged in user
        $scope.authData = null;
        authService.logout();
    };

    // PUBLIC
    return {
        login: login,
        logout: logout
    };
};

angular
    .module('app')
    .controller('authenticationCtrl', authenticationCtrl)

Service: 

function authService($state, FIREBASE_URI, Auth) {
    var model = this,
        ref = new Firebase(FIREBASE_URI);

    // LOGIN
    model.loginWithPassword = function(credentials, callBack, errorCallBack) {
        Auth.$authWithPassword(credentials)
            .then(function(authData) {
                model.cachedUser = authData;
                callBack();
            }).catch(function(error) {
                console.error("Authentication failed:", error);
            });
    };

    // LOGOUT
    model.logout = function() {
        Auth.$unauth();
        model.cachedUser = null;
        $state.go('common.login');
    };
};

angular
    .module('app')
    .service('authService', authService)

1 answers

solution1
 1 ACCPTED  2016-03-04 01:03:57

You cannot manually invalidate a token if you're using Firebase's email & password authentication provider. The only way to do that is to use a Custom Authentication implementation to generate tokens yourself. You can then invalidate a token by revoking the Firebase secret that was used to generate the token.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to get providers access tokens from Firebase authenticated user? How to associate an input with a user in firebase using angularfire? Firebase user authentication with AngularFire How do I get the current user's access token in AngularFire2? Firebase angularfire2 - How to return data from the current user only? How can I sort a firebase angularfire array into weeks and days? How can I Get YYYY/MM/DD of Timestamp firebase with AngularFire How can I display firebase details in a separate page in Angularfire Ionic? How to input a time into firebase with AngularFire? Firebase / Angularfire 0.9 - Create new user and profile
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM