How to revoke an authentication token?

firebase firebase-security
TTimo picture TTimo · Feb 4, 2014 · Viewed 10.4k times · Source

Say I generated an authentication token, and to save on processing and remote calls, I've set it's expiration data some 30 days in the future.

Now I want to remove this account from my system, is there a way to revoke the authentication token I have given the client?

I don't think that's possible currently, and I can certainly work around that (by not having such high expiration times mostly), but I just wanted to make sure I didn't miss something in the docs.

Answer

Alex Redwood picture Alex Redwood · Jan 5, 2018

Firebase now offers the ability to revoke refresh tokens, it's quite fresh - added 04/01/2018. https://firebase.google.com/docs/auth/admin/manage-sessions#revoke_refresh_tokens

Related questions

Firebase Permission Denied

I'm relatively new to coding and am having trouble. I have this code to send data to firebase app.userid = app.user.uid var userRef = app.dataInfo.child(app.users); var useridRef = userRef.child(app.userid); useridRef.set({ locations: "", theme: "", …

Read More
How to protect firebase Cloud Function HTTP endpoint to allow only Firebase authenticated users?

With the new firebase cloud function I've decided to move some of my HTTP endpoint to firebase. Everything works great... But i have the following issue. I have two endpoints build by HTTP Triggers (Cloud Functions) An API endpoint to …

Read More
Missing or insufficient permissions when writing to Firestore using field in access rules

I am getting an error when attempting to write to Firestore. I am attempting to use a field containing the user uid for my security rule. service cloud.firestore { match /databases/{database}/documents { match /messages/{document=**} { allow read: if resource.…

Read More