Reputation: 1186
How to shorten the expiration time on Firebase auth tokens for testing
I am trying to test my refresh token logic using Firebase auth but waiting an hour for it to expire is maddening. The documentation doesn't seem to mention anything about customizing the time: https://firebase.google.com/docs/auth/admin/create-custom-tokens
I am signing in with:
firebase
.doSignInWithEmailAndPassword(email, password)
Ideally I would like it to expire in five minutes or less. Anyone know how to do this?
FWIW: I found this discussion (https://groups.google.com/forum/#!msg/firebase-talk/NWKw28SvBi8/fi4s2l1rAgAJ) which makes it sound like it wasn't possible over a year ago, just hoping this has changed or someone has found a workaround since then.
Upvotes: 5
Views: 2197
Answers (3)
Reputation: 826
Short answer: You can't (at least till now)
Manage User Sessions
Firebase Authentication sessions are long lived. Every time a user signs in, the user credentials are sent to the Firebase Authentication backend and exchanged for a Firebase ID token (a JWT) and refresh token. Firebase ID tokens are short lived and last for an hour; the refresh token can be used to retrieve new ID tokens. Refresh tokens expire only when one of the following occurs:
- The user is deleted
- The user is disabled
- A major account change is detected for the user. This includes events like password or email address updates.
The Firebase Admin SDK provides the ability to revoke refresh tokens for a specified user. In addition, an API to check for ID token revocation is also made available. With these capabilities, you have more control over user sessions. The SDK provides the ability to add restrictions to prevent sessions from being used in suspicious circumstances, as well as a mechanism for recovery from potential token theft.
reference: https://firebase.google.com/docs/auth/admin/manage-sessions
Upvotes: 0
Reputation: 4801
You can actually revoke tokens based on your own preferences in Firebase Admin SDK though it depends on your use-case ofcourse.
Upvotes: 0
Reputation: 600131
There is no way to change the expiration time for ID/access tokens minted by Firebase Authentication itself. The only thing I can think of is minting your own tokens, and setting the exp property to suit your needs.
Upvotes: 4
Related Questions
- How to detect idToken expiry?
- Firebase Authentification expiresIn (time needed for token to expire )
- Create firebase auth token which never expires
- Is there a way to set an expiry on Firebase refresh tokens?
- auth/user-token-expired error in custom firebase authentication
- Extend "expirationTime" in Firebase Auth "stsTokenManager" in React Native
- Firebase authentication tokens expiration duration
- Firebase auth set custom expiration time for custom token
- Extend the Expiry Time and Date in Firebase OAuth2 access JWT Token
- How can I increase the expiry time of a Firebase token?