Authentication works seamlessly with backend endpoints ($75) #499
Comments
|
Just to clear this up do you need Pentesting as well or just some Unit written up? |
He is referring to changing the uid params in the backend to use the auth util to get the current user's uid and removing the uid param in the app and replacing it with auth header |
|
@CoderMANE321 are you working on it? |
|
@mdmohsin7 Not yet, but I'll start on it today |
|
@mdmohsin7 Hey, I've looked over it, and to me everything looks fine, I was looking to either implement some code or pentest but it just needs some unit tests to confirm I didn't clone the project I only did a static analysis Sorry if this doesn't help but I would want some more access if I was going to create these test Good luck on the product and happy hacking =) |
Should close #499 Token is valid for one hour, we can keep refreshing the token as long as the refresh token is not revoked. The refresh token gets revoked only if the users account is deleted/disabled or revoked manually from the backend. When the token is expired, Firebase Auth will automatically prompt the user to log in when they open the app. The `getAuthHeader` func refreshes the token only if it has expired or is empty or is about to expire in 5 minutes.
Is your feature request related to a problem? Please describe.
getIdTokenworks seamlessly with authorization endpoints in backend.So instead of sending uid as query parameter, the app should send an Authorization header with the idToken generated by firebase.
This is 80% implemented, needs polishing, testing, and 100% working, can't have any failures.
Check what happens when the token expires, and how frequently firebase expires the token.
Check if on main there has to be some sort of silent sign In
This should work for android and ios.
The text was updated successfully, but these errors were encountered: