How to persist user after Firebase Token expired in 1 hour?

Question

I am using Firebase in my project and use the method getIdToken() to return a token and authenticate the user. However, the user session in the app always expire after 1 hour because of the token expiration, how do I manage to persist the user session after it had expired ?

I've read the firebase document and other questions about the problem and it seems like I have to use the refresh token to persist the session after the token expiration, but I still do not fully understand and find it difficult to implement. For example, I read the answer from How to use the Firebase refreshToken to reauthenticate? and Firebase: When should I use refreshToken?, from what i understand it means that when we make a call .getIdToken(true) Firebase has already manage the refresh token and we don't need to handle it, is it correct ?

Thanks for any help.

Answer 1

User sign-ins always persist until you manually call the signOut method provided by your platform's SDK. There's nothing you have to do do get the refresh token to work - that is all managed by the SDK as well.

What you have to do is use an "auth state listener" to determine when that refresh is complete, since it's not instantaneous. If you don't use a listener, and instead access "currentUser" directly, the current user will appear null until the refresh succeeds. The refresh will not succeed while offline, nor will it be immediate.

Since you haven't indicated which platform you're working on, I can't provide links to relevant documentation, but the scheme is similar for all of them.