jeh jeh - 2 months ago 60
iOS Question

Handling one hour token expiration in Firebase generated from iOS used for node auth

The flow for my application:

Log in to Firebase through iOS. Retrieve the Firebase token and store it in the keychain -

FIRAuth.auth()?.currentUser?.getTokenWithCompletion({ (token, err) in
    // store token in keychain
})

This token is sent in the header to my node server to authenticate requests -

firebase.auth().verifyIdToken(firebaseAccessToken).then(function(decodedToken) {
    // allow access to api
});

The token then expires after an hour. My question is how should I handle this?

  • Store the time the token was retrieved on the client and force a
    refresh if needed

  • Refresh the token for every API call

  • Use the token to authenticate, then create another token server side with a longer expiration time and store this as the auth token

Or is there another option here?


Storing the token on the keychain manually is effectively fighting – and incorrectly reimplementing – the behavior provided by the Firebase SDK. You should not do that in the first place.

Then, the second option is the cleanest: call getTokenWithCompletion every time before calling your backend service. It's a cheap call, as it will only refresh the token if it has expired.
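
The server half of the flow recommended above, as an added example that is not part of the original post: an Express-style middleware that verifies the token on every request and answers an expired token with a distinct 401, so the client can ask the SDK for a fresh token and retry instead of the server minting a longer-lived one. The `Authorization: Bearer` header, the `auth/id-token-expired` error code, and the names `requireFirebaseUser`, `makeStubVerifier` and `simulate` are assumptions made for this sketch.

```javascript
// Added example. verifyIdToken is injected so the block runs offline; in
// production pass a wrapper around the SDK's verifyIdToken call.
function requireFirebaseUser(verifyIdToken) {
  return async function (req, res, next) {
    // Assumption: the token travels as "Authorization: Bearer <token>".
    const header = (req.headers && req.headers.authorization) || '';
    const match = /^Bearer ([A-Za-z0-9._-]+)$/.exec(header);
    if (!match) return res.status(401).json({ error: 'missing_token' });
    try {
      // Verify on every request; the server keeps no session of its own.
      const decoded = await verifyIdToken(match[1]);
      req.user = { uid: decoded.uid };
      return next();
    } catch (err) {
      // Assumption: expiry is reported as code 'auth/id-token-expired'.
      const expired = Boolean(err) && err.code === 'auth/id-token-expired';
      return res.status(401).json({ error: expired ? 'token_expired' : 'invalid_token' });
    }
  };
}

// Constructed stand-in verifier: sample tokens look like "<uid>.<expiryEpochSeconds>".
function makeStubVerifier(nowSeconds) {
  return async function (token) {
    const [uid, exp] = token.split('.');
    if (!uid || !/^\d+$/.test(exp || '')) {
      throw Object.assign(new Error('malformed'), { code: 'auth/argument-error' });
    }
    if (Number(exp) <= nowSeconds) {
      throw Object.assign(new Error('expired'), { code: 'auth/id-token-expired' });
    }
    return { uid, exp: Number(exp) };
  };
}

// Drive the middleware with a fake req/res and report what it did.
async function simulate(authorization, nowSeconds) {
  const out = { status: 200, body: null, uid: null, nextCalled: false };
  const req = { headers: authorization ? { authorization } : {} };
  const res = {
    status(code) { out.status = code; return this; },
    json(body) { out.body = body; return this; },
  };
  await requireFirebaseUser(makeStubVerifier(nowSeconds))(req, res, () => {
    out.nextCalled = true;
    out.uid = req.user.uid;
  });
  return out;
}
```

On a `token_expired` response the client calls `getTokenWithCompletion` again and repeats the request once; any other 401 should send the user back to sign-in.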