Skip to content Skip to sidebar Skip to footer

How To Detect IdToken Expiry?

I have a login page that authenticates users using signInWithEmailAndPassword() using Javascript client SDK. If a login is successful, user is redirected (along with the idToken)

Solution 1:

Using the Firebase Node.js Admin SDK, you can check for a revoked or expired ID token when calling verifyIdToken() by setting the checkRevoked parameter to true.

verifyIdToken(idToken: string, checkRevoked?: boolean): Promise<DecodedIdToken>

checkedRevoked: boolean
Whether to check if the ID token was revoked. This requires an extra request to the Firebase Auth backend to check the tokensValidAfterTime time for the corresponding user. When not specified, this additional check is not applied.

admin.auth().verifyIdToken(idToken, true)
  .then(function(decodedToken) {
    let uid = decodedToken.uid;
    // ...
  }).catch(function(error) {
    // Handle error for expired ID token
  });

Alternatively, the ID token payload claims may be checked on the client. The documentation for how to Verify ID tokens using a third-party JWT library show the payload claims.

exp expiration time: Must be in the future. The time is measured in seconds since the UNIX epoch.

jwt.io references libraries that support client-side token verification.

Also see: How to decode the JWT encoded token payload on client-side in angular 5?


Post a Comment for "How To Detect IdToken Expiry?"