My Node.js app uses Firebase products as well as a server running in App Engine. So when a user is signed in, he should be able to authenticate on both platforms. I used custom tokens for this.
In server, I called admin.auth().createCustomToken(uid) and sent that token to client.
In client, I used firebase.auth().signInWithCustomToken(token) and signed in. All good.
I also read regarding the token exp field
The time, in seconds since the UNIX epoch, at which the token expires. ... But once you sign a user in using signInWithCustomToken(), they will remain signed in into the device until their session is invalidated or the user signs out.
So the Firebase handles the token refresh and all (please correct me if I'm wrong), which I don't have to worry about. Moreover, Firebase and my app uses the same keys (service account keys) to generate the token.
Custom tokens are signed JWTs where the private key used for signing belongs to a Google service account.
So a token generated is compatible between firebase and the server.
Now, where I'm stuck is, I need token to authenticate to App Engine server. How to get the latest (non-expired) token from firebase after doing a successful firebase.auth().signInWithCustomToken(token)?
I could have used the token in signInWithCustomToken(token). But this may me expired after an hour. So I thought I could depend on the firebase authentication.
Thanks.
