Firebase is there any way to sign out both platform web and mobile app?
Can I let the user sign out both web and mobile app simultaneously so that once signed out from web app, no longer be able to login to mobile app?
firebase firebase-authentication
asked Nov 15 '18 at 10:32
DaibakuDaibaku
5201212
add a comment |
Can I let the user sign out both web and mobile app simultaneously so that once signed out from web app, no longer be able to login to mobile app?
firebase firebase-authentication
asked Nov 15 '18 at 10:32
DaibakuDaibaku
5201212
add a comment |
Can I let the user sign out both web and mobile app simultaneously so that once signed out from web app, no longer be able to login to mobile app?
firebase firebase-authentication
asked Nov 15 '18 at 10:32
DaibakuDaibaku
5201212
Can I let the user sign out both web and mobile app simultaneously so that once signed out from web app, no longer be able to login to mobile app?
firebase firebase-authentication
firebase firebase-authentication
asked Nov 15 '18 at 10:32
DaibakuDaibaku
5201212
asked Nov 15 '18 at 10:32
DaibakuDaibaku
5201212
asked Nov 15 '18 at 10:32
DaibakuDaibaku
5201212
asked Nov 15 '18 at 10:32
DaibakuDaibaku
5201212
asked Nov 15 '18 at 10:32
DaibakuDaibaku
5201212
5201212
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Theres no way to logout someone on different devices but you have a few options, just requires putting some elements together.
You could revoke the users refresh tokens which would mean when the token expires and the sdk goes to refresh it couldn't and would log out the user.
// Revoke all refresh tokens for a specified user for whatever reason.
// Retrieve the timestamp of the revocation, in seconds since the epoch.
admin.auth().revokeRefreshTokens(uid)
.then(() =>
return admin.auth().getUser(uid);
)
.then((userRecord) =>
return new Date(userRecord.tokensValidAfterTime).getTime() / 1000;
)
.then((timestamp) =>
console.log("Tokens revoked at: ", timestamp);
);
You could also put a flag in the firebase realtime database and then when they reopen the app on their other devices, if logged in they could read the flag and do the logout on the client. Also if they had the web/mobile app open you could log them out in that way if they are listening for that flag at all times.
var logoutRef = firebase.database().ref('userLogoutRef/' + userUid);
logoutRef.on('value', function(snapshot)
if (snapshot.val() === true)
firebase.auth().signOut()
);
You would just want to make sure you remove this flag on a subsequent login so a user can login.
answered Nov 15 '18 at 11:20
Jack WoodwardJack Woodward
63149
1
You could use the same flag to also (in Firebase server-side security rules) deny the user further access to the database. This approach is blacklisting the user, so the node you store them in is typically called/blacklistor/bannedUsers.
– Frank van Puffelen
Nov 15 '18 at 14:14
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53317421%2ffirebase-is-there-any-way-to-sign-out-both-platform-web-and-mobile-app%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Theres no way to logout someone on different devices but you have a few options, just requires putting some elements together.
You could revoke the users refresh tokens which would mean when the token expires and the sdk goes to refresh it couldn't and would log out the user.
// Revoke all refresh tokens for a specified user for whatever reason.
// Retrieve the timestamp of the revocation, in seconds since the epoch.
admin.auth().revokeRefreshTokens(uid)
.then(() =>
return admin.auth().getUser(uid);
)
.then((userRecord) =>
return new Date(userRecord.tokensValidAfterTime).getTime() / 1000;
)
.then((timestamp) =>
console.log("Tokens revoked at: ", timestamp);
);
You could also put a flag in the firebase realtime database and then when they reopen the app on their other devices, if logged in they could read the flag and do the logout on the client. Also if they had the web/mobile app open you could log them out in that way if they are listening for that flag at all times.
var logoutRef = firebase.database().ref('userLogoutRef/' + userUid);
logoutRef.on('value', function(snapshot)
if (snapshot.val() === true)
firebase.auth().signOut()
);
You would just want to make sure you remove this flag on a subsequent login so a user can login.
answered Nov 15 '18 at 11:20
Jack WoodwardJack Woodward
63149
1
You could use the same flag to also (in Firebase server-side security rules) deny the user further access to the database. This approach is blacklisting the user, so the node you store them in is typically called/blacklistor/bannedUsers.
– Frank van Puffelen
Nov 15 '18 at 14:14
add a comment |
Theres no way to logout someone on different devices but you have a few options, just requires putting some elements together.
You could revoke the users refresh tokens which would mean when the token expires and the sdk goes to refresh it couldn't and would log out the user.
// Revoke all refresh tokens for a specified user for whatever reason.
// Retrieve the timestamp of the revocation, in seconds since the epoch.
admin.auth().revokeRefreshTokens(uid)
.then(() =>
return admin.auth().getUser(uid);
)
.then((userRecord) =>
return new Date(userRecord.tokensValidAfterTime).getTime() / 1000;
)
.then((timestamp) =>
console.log("Tokens revoked at: ", timestamp);
);
You could also put a flag in the firebase realtime database and then when they reopen the app on their other devices, if logged in they could read the flag and do the logout on the client. Also if they had the web/mobile app open you could log them out in that way if they are listening for that flag at all times.
var logoutRef = firebase.database().ref('userLogoutRef/' + userUid);
logoutRef.on('value', function(snapshot)
if (snapshot.val() === true)
firebase.auth().signOut()
);
You would just want to make sure you remove this flag on a subsequent login so a user can login.
answered Nov 15 '18 at 11:20
Jack WoodwardJack Woodward
63149
1
You could use the same flag to also (in Firebase server-side security rules) deny the user further access to the database. This approach is blacklisting the user, so the node you store them in is typically called/blacklistor/bannedUsers.
– Frank van Puffelen
Nov 15 '18 at 14:14
add a comment |
Theres no way to logout someone on different devices but you have a few options, just requires putting some elements together.
You could revoke the users refresh tokens which would mean when the token expires and the sdk goes to refresh it couldn't and would log out the user.
// Revoke all refresh tokens for a specified user for whatever reason.
// Retrieve the timestamp of the revocation, in seconds since the epoch.
admin.auth().revokeRefreshTokens(uid)
.then(() =>
return admin.auth().getUser(uid);
)
.then((userRecord) =>
return new Date(userRecord.tokensValidAfterTime).getTime() / 1000;
)
.then((timestamp) =>
console.log("Tokens revoked at: ", timestamp);
);
You could also put a flag in the firebase realtime database and then when they reopen the app on their other devices, if logged in they could read the flag and do the logout on the client. Also if they had the web/mobile app open you could log them out in that way if they are listening for that flag at all times.
var logoutRef = firebase.database().ref('userLogoutRef/' + userUid);
logoutRef.on('value', function(snapshot)
if (snapshot.val() === true)
firebase.auth().signOut()
);
You would just want to make sure you remove this flag on a subsequent login so a user can login.
answered Nov 15 '18 at 11:20
Jack WoodwardJack Woodward
63149
Theres no way to logout someone on different devices but you have a few options, just requires putting some elements together.
You could revoke the users refresh tokens which would mean when the token expires and the sdk goes to refresh it couldn't and would log out the user.
// Revoke all refresh tokens for a specified user for whatever reason.
// Retrieve the timestamp of the revocation, in seconds since the epoch.
admin.auth().revokeRefreshTokens(uid)
.then(() =>
return admin.auth().getUser(uid);
)
.then((userRecord) =>
return new Date(userRecord.tokensValidAfterTime).getTime() / 1000;
)
.then((timestamp) =>
console.log("Tokens revoked at: ", timestamp);
);
You could also put a flag in the firebase realtime database and then when they reopen the app on their other devices, if logged in they could read the flag and do the logout on the client. Also if they had the web/mobile app open you could log them out in that way if they are listening for that flag at all times.
var logoutRef = firebase.database().ref('userLogoutRef/' + userUid);
logoutRef.on('value', function(snapshot)
if (snapshot.val() === true)
firebase.auth().signOut()
);
You would just want to make sure you remove this flag on a subsequent login so a user can login.
answered Nov 15 '18 at 11:20
Jack WoodwardJack Woodward
63149
answered Nov 15 '18 at 11:20
Jack WoodwardJack Woodward
63149
answered Nov 15 '18 at 11:20
Jack WoodwardJack Woodward
63149
answered Nov 15 '18 at 11:20
Jack WoodwardJack Woodward
63149
63149
1
You could use the same flag to also (in Firebase server-side security rules) deny the user further access to the database. This approach is blacklisting the user, so the node you store them in is typically called/blacklistor/bannedUsers.
– Frank van Puffelen
Nov 15 '18 at 14:14
add a comment |
1
You could use the same flag to also (in Firebase server-side security rules) deny the user further access to the database. This approach is blacklisting the user, so the node you store them in is typically called/blacklistor/bannedUsers.
– Frank van Puffelen
Nov 15 '18 at 14:14
1
1
You could use the same flag to also (in Firebase server-side security rules) deny the user further access to the database. This approach is blacklisting the user, so the node you store them in is typically called
/blacklist or /bannedUsers.– Frank van Puffelen
Nov 15 '18 at 14:14
You could use the same flag to also (in Firebase server-side security rules) deny the user further access to the database. This approach is blacklisting the user, so the node you store them in is typically called
/blacklist or /bannedUsers.– Frank van Puffelen
Nov 15 '18 at 14:14
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53317421%2ffirebase-is-there-any-way-to-sign-out-both-platform-web-and-mobile-app%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
