CODEWITHSUNDEEP
androidfirebase-authenticationgoogle-authenticationfacebook-authentication
kandroid
kandroid

Reputation: 191

Firebase Android Authentication failed: expired_token (Auth token is expired)

I encounter an issue with Android Firebase Auth using com.google.gms:google-services:3.0.0 and com.google.firebase:firebase-auth:9.0.1.

1 hour after authentication with Firebase (Google or Facebook), I get the following error:

W/PersistentConnection: pc_0 - Authentication failed: expired_token (Auth token is expired)

Why does Firebase token expire after 1 hour and how to extend this expiration period?

UPDATE

I still encounter this issue, Firebase token expires after 1 hour. Now I get the following message: W/PersistentConnection: pc_0 - Authentication failed: invalid_token (Invalid claim 'kid' in auth header.)

I appreciate any help.

Upvotes: 13

Views: 15807

Answers (4)

Momen Zaqout
Momen Zaqout

Reputation: 1498

check if the last user is null or expired

GoogleSignInAccount account = GoogleSignIn.getLastSignedInAccount(context);
        if (account == null || account.isExpired()) {
            System.out.println("AccountGoogle: null");
            GoogleSignInClient mGoogleSignInClient = GoogleSignIn.getClient(context, gso);
            Intent signInIntent = mGoogleSignInClient.getSignInIntent();
            fragment.startActivityForResult(signInIntent, RC_SIGN_IN);

        }

Upvotes: 0

Karthi R
Karthi R

Reputation: 1368

If we use default Auth providers like (Google, Facebook, Email..), updating "SHA-1 key" of your Application in firebase console would fix the token expiry issue.

In this discussion a Google developer shared a guide to solve this problem.

Guide: https://drive.google.com/file/d/0B94LePkXiqa6SXVFd3N1NzJHX1E/view

Upvotes: 3

Jigarius
Jigarius

Reputation: 416

The new maximum life time for Firebase Tokens is 1 hour - I read it in the docs earlier today.

As for Invalid claim 'kid' in auth header., I get exactly 2 search results on Google for that (: No documentation related to kid in Firebase docs. I guess we will have to wait for answers from Google (or switch back to the old version of Firebase if possible).

Upvotes: 0

pRaNaY
pRaNaY

Reputation: 25310

Try to implement FirebaseInstanceIdService to get refresh token.

Access the registration token:

You can access the token's value by extending FirebaseInstanceIdService. Make sure you have added the service to your manifest, then call getToken in the context of onTokenRefresh, and log the value as shown:

    @Override
public void onTokenRefresh() {
    // Get updated InstanceID token.
    String refreshedToken = FirebaseInstanceId.getInstance().getToken();
    Log.d(TAG, "Refreshed token: " + refreshedToken);

    // TODO: Implement this method to send any registration to your app's servers.
    sendRegistrationToServer(refreshedToken);
}

The onTokenRefreshcallback fires whenever a new token is generated, so calling getToken in its context ensures that you are accessing a current, available registration token. FirebaseInstanceID.getToken() returns null if the token has not yet been generated.

Code:

import android.util.Log;

import com.google.firebase.iid.FirebaseInstanceId;
import com.google.firebase.iid.FirebaseInstanceIdService;


public class MyFirebaseInstanceIDService extends FirebaseInstanceIdService {

    private static final String TAG = "MyFirebaseIIDService";

    /**
     * Called if InstanceID token is updated. This may occur if the security of
     * the previous token had been compromised. Note that this is called when the InstanceID token
     * is initially generated so this is where you would retrieve the token.
     */
    // [START refresh_token]
    @Override
    public void onTokenRefresh() {
        // Get updated InstanceID token.
        String refreshedToken = FirebaseInstanceId.getInstance().getToken();
        Log.d(TAG, "Refreshed token: " + refreshedToken);

        // TODO: Implement this method to send any registration to your app's servers.
        sendRegistrationToServer(refreshedToken);
    }
    // [END refresh_token]

    /**
     * Persist token to third-party servers.
     *
     * Modify this method to associate the user's FCM InstanceID token with any server-side account
     * maintained by your application.
     *
     * @param token The new token.
     */
    private void sendRegistrationToServer(String token) {
        // Add custom implementation, as needed.
    }
}

I hope its helps you.

Upvotes: 0

Related Questions