用户离线时,Firebase Auth会话可持续多长时间?
我的应用程序在Flutter上,并且我使用的是离线持久性,因为我的用户最多可以停留4个小时才能再次建立Internet连接.我已经阅读到刷新令牌是长期存在的,并且理论上说永不过期",但是在我的测试中,我注意到IOS和Android会话之间存在很大的差异:
My App is on Flutter and I am using offline persistence because my users can stay up to 4 hours before having an Internet connection again. I have read that Refresh Tokens are long-lived and in theory "never expire", however in my tests I have noticed that there is a big difference between IOS and Android sessions:
我正在做的测试如下:
- 我通过Internet连接打开该应用,然后继续进行身份验证过程(幕后的Firebase身份验证).
- 我使用该应用,然后激活离线模式
- 我最小化应用程序
- 我激活了飞行模式,因此设备没有Internet连接(离线模式)
- 过一会儿我会检查应用程序是否仍在会话中,以便我可以在脱机模式下继续输入数据.
我到目前为止的结果是:
在iOS上:
会话在离线模式下保持活动状态.我已经测试了75分钟,120分钟,而我上一次测试已经进行了4个小时.我不能保证该会话永不过期,但它似乎是持久的.
The session remains active in offline mode. I have tested for 75 mins, 120 mins and the last test I did for 4 hours. I couldn't guarantee that the session never expires, but it does seem to be long-lasting.
在Android上:
如果我在25分钟前进入会议,会话将保持活动状态.
The session remains active if I enter before 25 minutes.
只要我每25分钟至少操作一次该应用程序一次(我尝试了25分钟的5个周期的序列),我就可以保持会话在离线状态下处于活动状态
I can keep the session active while offline, as long as I manipulate the App at least once every 25 minutes (I tried a sequence of 5 cycles of 25 minutes)
如果已将其最小化并脱机超过30分钟,它将再次询问我凭据(由于我处于脱机状态而无法获取)
If it has been minimized and offline for more than 30 minutes, it asks me again for credentials (which is impossible to get because I am offline)
1.当操作系统为IOS或Android时,Firebase身份验证后的脱机会话持续时间有何不同?
2.设备脱机后,Firebase Auth会话可以持续多长时间?
3.有没有一种方法可以修改此参数以获得更长的会话?我希望至少要有12个小时,否则它永远都不会过期.
附件:
测试设备:
IOS:IphoneX.IOS版本14.2
IOS: Iphone X. IOS Version 14.2
Android:三星J2 Android版本8.1.0
Android: Samsung J2 Android Version 8.1.0
Flutter代码:
我使用提供程序对用户进行身份验证的方式如下:
The way I am authenticating users using a provider is like following:
class UsuarioProvider {
final FirebaseAuth _firebaseAuth;
DatabaseReference db = FirebaseDatabase.instance.reference();
UsuarioProvider({FirebaseAuth firebaseAuth})
: _firebaseAuth = firebaseAuth ?? FirebaseAuth.instance;
Future <Map<String, dynamic>> signIn(String email, String password) async {
try {
UserCredential result = await FirebaseAuth.instance.signInWithEmailAndPassword(email: email, password: password);
User user = result.user;
return {'ok' : true, 'localId': user.uid, 'email' : user.email};
} catch (e) {
print(e);
return {'ok': false, 'code': '${e.code}', 'mensaje': '${e.message}' };
}
}
我用来调用firebase的方式是:
The way I'm using to call firebase is:
void main() async {
WidgetsFlutterBinding.ensureInitialized();
await Firebase.initializeApp();
FirebaseDatabase database;
database = FirebaseDatabase.instance;
database.setPersistenceEnabled(true);
database.setPersistenceCacheSizeBytes(10000000);
runApp(MyApp());
}
用户离线时,Firebase Auth会话持续多长时间?
How long does a Firebase Auth session last when the user is offline?
Firebase身份验证基于两个令牌:一个永不过期的刷新令牌,一个ID令牌,在铸造后的一个小时内过期,并由SDK自动刷新.
Firebase Authentication is based on two tokens: a refresh token that never expires, and an ID token that expires an hour after it's minted and is auto-refreshed by the SDKs.
正如我对您先前的问题的回答中所述,无法扩展ID令牌,因此,如果用户处于脱机状态,它将过期.因此,您应该从问题何时到期?"重新构造问题.
As covered in my answer to your previous question, there is no way to extend an ID token, so if the user is offline it will expire. Hence, you should reframe the question from "when does it expire?" to "what do the SDKs do when the ID token has expired?"
例如,当用户脱机时,数据库SDK将继续处理读取并使写入排队.如果ID令牌已过期,如果甚至可以继续这样做,因为SDK不会确定是否需要身份验证:数据库安全规则通常会这样做.
The database SDK for example will continue to process reads and queue up writes when the user is offline. If will even continue to do so when the ID token has expired, since the SDK doesn't determine whether authentication is required: the database security rules typically do that.
当恢复到服务器的连接时,数据库客户端将等待直到刷新ID令牌为止,然后再将未决的写操作发送到服务器,以确保对这些写操作进行身份验证以达到最新的身份验证状态.
When the connection to the server is restored, the database client waits until the ID token is refreshed, before it sends pending writes to the server, to ensure those writes are processed auth an up to date authentication state.
您的问题不是您的身份验证会话/ID令牌已过期,而是应用程序或Android上的SDK的某些部分要求用户重新输入其凭据.解决此问题应首先弄清楚该提示来自何处.
Your problem is not that your authentication session/ID tokens expires, it's that some part of the app or the SDKs on Android is asking the user to re-enter their credentials. Troubleshooting this problem should start with figuring out where that prompt comes from.