0
votes

I wonder if the token I created by Firebase Admin SDK .createCustomToken(uid) should be stored somewhere or not.

Consider the case:


client: new user A registration

server: token = fbSDK.createCustomToken(uid)

client: use this token to auth with Firebase


Later, user A logs out and logs in again.

Should I look up the saved token for that user?

Or should I again use fbSDK.createCustomToken(uid), and this token will be the same as the previous one or at least attached to the previously created Firebase user A?

Thanks in advance.

1 Answer

3
votes

While there is nothing preventing you from saving the token, there is no purpose/benefit - don't waste your time. You should check out the docs for the Firebase Admin SDK for Authentication.

The docs include the following relevant sentence when discussing the required properties of the custom tokens... specifically, the exp property that determines for how long the token is valid:

The time, in seconds since the UNIX epoch, at which the token expires. It can be a maximum of 3600 seconds later than the iat. Note: this only controls the time when the custom token itself expires. But once you sign a user in using signInWithCustomToken(), they will remain signed in into the device until their session is invalidated or the user signs out.

To your 2nd question, a different token is generated each time createCustomToken() is called. Since tokens expire, you should call the function for each successful login.
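The expiry rule quoted above, worked through as an added example (not code from the answer or from Firebase): it reads the `iat` and `exp` claims of a saved custom token and reports whether it could still be used at a later login. The function names are hypothetical, and the sample token is constructed with a placeholder signature and only the `uid`, `iat` and `exp` claims.

```javascript
// Added example: constructed data only, no Firebase project or network needed.
const MAX_LIFETIME = 3600; // seconds; the documented ceiling for exp - iat

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");

// Builds a token with the three-part JWT layout. The signature is a
// placeholder, so this sample is for claim inspection only.
function makeSampleToken(uid, iat, lifetime = MAX_LIFETIME) {
  const header = { alg: "RS256", typ: "JWT" };
  const claims = { uid, iat, exp: iat + lifetime };
  return `${b64url(header)}.${b64url(claims)}.constructed-signature`;
}

// Reads the claims without verifying the signature. Suitable for a server
// looking at a token it minted itself, never for authenticating a caller.
function readClaims(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a three-part JWT");
  const claims = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  if (!Number.isInteger(claims.iat) || !Number.isInteger(claims.exp)) {
    throw new Error("iat and exp must be integer seconds");
  }
  return claims;
}

// Decides whether a previously saved custom token could still be used.
function savedTokenStatus(token, nowSeconds) {
  const { iat, exp } = readClaims(token);
  const lifetime = exp - iat;
  if (lifetime <= 0 || lifetime > MAX_LIFETIME) {
    return { usable: false, reason: "lifetime outside 1..3600 seconds" };
  }
  if (nowSeconds >= exp) {
    return { usable: false, reason: `expired ${nowSeconds - exp}s ago` };
  }
  return { usable: true, reason: `${exp - nowSeconds}s remaining` };
}

const registeredAt = 1700000000; // constructed timestamp
const saved = makeSampleToken("user-A", registeredAt);
console.log(savedTokenStatus(saved, registeredAt + 600));  // still inside the hour
console.log(savedTokenStatus(saved, registeredAt + 7200)); // login two hours later
```

A token saved at registration is already unusable at a login two hours later, so the server has to call createCustomToken(uid) again at that point anyway.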