Users with refresh token disabled should perform whenUnAuthed processing #248
Labels
enhancement
New feature or request
Comments
|
I'm sorry, it was partially duplicated with the following issue. If I find a solution, I would like to make a pull request |
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
Use the Firebase admin sdk feature to revoke the refresh token for a particular user.
At that time, if the user (with cookies still attached by next-firebase-auth) goes to the site, an error will be placed with status code 500.
Normally, when the refresh token is revoked, you need to tell the user to reauthenticate.
reference: https://firebase.google.com/docs/auth/admin/manage-sessions#revoke_refresh_tokens
Probably the source code of the cause is here.
Describe the solution you'd like and how you'd implement it
A clear and concise description of what you want to happen.
I think that it is necessary to handle each error code appropriately by referring to the list of error codes in the reference below.
https://firebase.google.com/docs/reference/rest/auth#section-refresh-token
Is this a breaking change?
Would this require existing users to change how they're using
next-firebase-auth?I don't think it's a breaking change
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
In the refreshExpired function, if there is any error in getting the id Token, I think it is necessary to set AuthUser to {} ,
The text was updated successfully, but these errors were encountered: