Firebase id token longer expire time

Question

I have an app that tracks the users location in the background. Every few minutes it sends a http request to firebase with data.

So I made function that handles the data (coordinates, username etc) and put it in the database. That works, but I want 'security', because everyone can put a random username in the request.

I learned about ID tokens, to verify the user, but there's a problem:

The package that provides the tracking doesn't change the id token. Example: i want to track three hours, once I press start, the package will send 3 hours the location & the data I gave it when i pressed start (here: the id token)

But if the id token expires, the package will keep giving the old id token. (because it can't fetch a new token in the background when the app is closed)

So my question:

Is there a possiblity to extend the id token expire time? or are there other user verification methods?

Thanks!

Answer 1

Firebase Authentication ID tokens are valid for one hour, and that duration can't be changed. What you're supposed to do is refresh the ID token every hour. Or, you can check the response from your endpoint that indicates the Admin SDK can't verify the token due to its age. In that case, the client can refresh immediately and try the request again.

The Firebase client SDKs for each platform have an API for performing the refresh. Since you didn't say which platform you're using, I'll give you a link to the Android API. Pass true to getIdToken to force the refresh, or just accept what it provides, which will be fresh. Other platforms are similar.