Authentication works seamlessly with backend endpoints ($75) #499
Comments
Just to clear this up, do you need pentesting as well or just some unit written up?
He is referring to changing the uid params in the backend to use the auth util to get the current user's uid, and removing the uid param in the app and replacing it with an auth header.
@CoderMANE321 are you working on it?
@mdmohsin7 Not yet, but I'll start on it today.
@mdmohsin7 Hey, I've looked over it, and to me everything looks fine. I was looking to either implement some code or pentest, but it just needs some unit tests to confirm. I didn't clone the project; I only did a static analysis. Sorry if this doesn't help, but I would want some more access if I was going to create these tests. Good luck on the product and happy hacking =)
Should close #499. Token is valid for one hour; we can keep refreshing the token as long as the refresh token is not revoked. The refresh token gets revoked only if the user's account is deleted/disabled or revoked manually from the backend. When the token is expired, Firebase Auth will automatically prompt the user to log in when they open the app. The `getAuthHeader` func refreshes the token only if it has expired or is empty or is about to expire in 5 minutes.
Is your feature request related to a problem? Please describe.
`getIdToken` works seamlessly with authorization endpoints in backend. So instead of sending uid as query parameter, the app should send an Authorization header with the idToken generated by Firebase.
This is 80% implemented, needs polishing, testing, and 100% working, can't have any failures.
Check what happens when the token expires, and how frequently firebase expires the token.
Check if on main there has to be some sort of silent sign-in.
This should work for Android and iOS.
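The two behaviours discussed in this thread, sketched as an added example that is not code from the project: the client-side refresh decision (empty, expired, or within 5 minutes of expiry) and the backend taking the uid from a verified token instead of a request parameter. The function names, the injected `verify` callable and the sample token are assumptions made for illustration.

```python
import base64
import json
import time

REFRESH_WINDOW_S = 5 * 60  # refresh when 5 minutes or less remain (per the thread)


def token_expiry(id_token):
    """Read `exp` without verifying the signature (refresh scheduling only)."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return int(json.loads(base64.urlsafe_b64decode(payload))["exp"])


def needs_refresh(id_token, now=None):
    """True if the token is empty, unreadable, expired, or inside the window."""
    if not id_token:
        return True
    now = time.time() if now is None else now
    try:
        return token_expiry(id_token) - now <= REFRESH_WINDOW_S
    except (IndexError, KeyError, ValueError, TypeError):
        return True  # unreadable token: fetch a fresh one


def uid_from_request(headers, query, verify):
    """Server side: take the uid from the verified token, never from the request.

    `verify` is an injected callable (assumption) that checks signature and
    expiry and returns the claims, or raises. In a Firebase backend this role
    is played by the Admin SDK's verify_id_token. Any `uid` present in `query`
    is deliberately ignored.
    """
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        raise PermissionError("missing bearer token")
    try:
        claims = verify(token.strip())
    except Exception as exc:
        raise PermissionError("invalid or expired token") from exc
    return claims["uid"]


def make_token(exp):
    """Constructed, unsigned sample token for the demo (not a real Firebase token)."""
    body = base64.urlsafe_b64encode(json.dumps({"exp": exp, "uid": "u1"}).encode())
    return "hdr." + body.decode().rstrip("=") + ".sig"
```

Unit tests for the change can pin both properties: the boundary of the 5-minute window, and that a `uid` query parameter has no effect on which user the backend acts for.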