Authenticated as a user after logging out and reinstalling

  • Android device: Moto E3
  • Android OS version: 6.0
  • Google Play Services version: 10.2.1
  • Firebase/Play Services SDK version: 10.2.1
  • FirebaseUI version: 1.2.0

The problem:

Steps to reproduce:

  1. On logging in with Facebook
  2. Logging out with the following (verifying it works and CompleteListener is called)

        AuthUI.getInstance()
                .signOut(this)
                .addOnCompleteListener(task -> {
                    if (task.isSuccessful()) {
                        finish();
                    } else {
                        Toast.makeText(this, R.string.sign_out_failed, Toast.LENGTH_LONG).show();
                    }
                });

  3. Uninstalling and reinstalling
  4. On launch, the first thing I do is call FirebaseAuth.getInstance().getCurrentUser() which returns the user that I had logged out before reinstalling
  5. Additionally: If I retry these steps, and instead of uninstall/reinstall in step 3, I just kill the app and relaunch, I’m getting null for FirebaseAuth.getInstance().getCurrentUser()

NOTE: I’m also allowing backup in my manifest with android:allowBackup="true"

  • It appears to not happen if I set android:allowBackup="false" although I haven’t tested this extensively enough to be 100%.

Expected Results:

  • After logging out, having no other way to get the current user without first logging back in

Issue Analytics

  • State: closed
  • Created 6 years ago
  • Comments: 10 (3 by maintainers)

Top GitHub Comments

2 reactions
samtstern commented, May 5, 2017

@ahaverty so I can’t say I know what Facebook is storing locally on the phone, but I can tell you what Firebase is storing.

Firebase keeps an authentication token in your app’s local storage. This identifies the user but does not give them access to actually do anything unless it’s refreshed every hour. The Firebase SDKs that use this token (like realtime database) seamlessly handle this refresh for you which is why you don’t have to think about it. If you attach an AuthStateListener in your app you’ll see that you get a new event every hour as the token changes.

So there’s no security risk of restoring this token, since auto backup is linked to the user’s google account anyway. This would be different if we were storing, say, a Google Sign In access_token which could be taken out of context and used to impersonate the user.

1 reaction
SUPERCILEX commented, May 4, 2017

@ahaverty Noooooooooooooo! 😁 Please don’t disable auto backup; this “bug” is a feature that’s great UX. The idea is that if a user is changing devices or reinstalling your app for one reason or another, they can get right back to whatever they were doing instead of having to go through some long and annoying setup. Hope this swayed your opinion a little! 😁
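
Added example, not part of the issue thread or of FirebaseUI's own code: for an app that wants a sign-out to survive a reinstall, as the reporter expected, without setting android:allowBackup="false", auto backup can be scoped with a rules file. The excluded file name below is a placeholder, and it is an assumption that the restored token lives in a SharedPreferences file; check the app's own data directory on a debug build before relying on it.

```xml
<!-- AndroidManifest.xml (fragment).
     Before: android:allowBackup="true" with no rules file, so every
     SharedPreferences file, including sign-in state, is backed up and
     restored on reinstall (the behaviour reported in the issue).
     After: auto backup stays enabled but is limited by a rules file. -->
<application
    android:allowBackup="true"
    android:fullBackupContent="@xml/backup_rules">
    <!-- activities, services and providers unchanged -->
</application>

<!-- res/xml/backup_rules.xml (separate file).
     An exclude-only rules file backs up everything except the listed
     paths. domain="sharedpref" is relative to the app's shared_prefs
     directory. -->
<full-backup-content>
    <!-- PLACEHOLDER: replace with the actual preferences file that holds
         the sign-in state in your app. Assumption: the token is kept in
         a SharedPreferences file. -->
    <exclude domain="sharedpref" path="AUTH_STATE_PREFS_PLACEHOLDER.xml" />
</full-backup-content>
```

With the sign-in state excluded, a restore after reinstall brings back the rest of the app data while FirebaseAuth.getInstance().getCurrentUser() starts from a clean state. Other SDKs in the app (the Facebook SDK in this report) may keep their own local state, which would need its own exclude entry.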
