I have an android app that uses firebase to handle and send push notifications. When an user logs-in, it is automatically subscribed to a topic in firebase and saved the token in my database.
If after logging into the app, the users uninstall the app, their token is still in firebase, subscribed to the topic. If firebase call sendToTopic("topic"), probably will fails due this invalid token.
There is any way to get notified about those invalid tokens? I need those tokens to unsubscribe it from the topic and remove it from my database.
Related
Im trying to use firebase cloud messaging to enable push notifications on my PWA.
but i can't figure out how to save tokens after the 'user' click on 'accept' on the push notification subscription message.
Should i save token to a firebase database? or there is a automatic system to subscribe/unsubscribe/ clean the list of tokens.
Did you mean registration tokens? If so, please check out this doc which has comprehensive information about how to manage registration tokens.
TLDR
I am looking for somewhere to send cognito JWT's from the backend to verify the user's status.
I currently have a react app, with a serverless apollo api, and dynamodb database, all running locally.
The react client uses aws-amplify to register, sign-in etc with
aws-cognito - returning access, id and refresh tokens.
Users can also sign in with facebook and google,
amplify.Auth.federatedSignIn which returns the cognito identity
credentials.
The tokens are then passed to the backend, where they are verified.
So far I cannot find where to send the tokens from the backend, to verify that the user is signed in to cognito.
I have scoured the docs but TBH that has left me more confused.
As far as I can understand, in production API Gateway, or AppSync can intecept the tokens between the front and backend, but since I have verified tokens at the backend currently is there an endpoint or SDK method I can hit with tokens/ access keys etc to check the users status?
Feel free to tell me if I'm going about this the wrong way.
If you need to verify that a token is valid and unexpired, with the JavaScript SDK use
const cognitoServiceProvider = new AWS.CognitoIdentityServiceProvider({apiVersion: '2016-04-18'});
await cognitoServiceProvider.getUser({
AccessToken: accessToken
}).promise();
This will throw an error if the token is not valid.
If you are using a different SDK, find the equivalent call.
When I generate an FCM token in the browser I also send it to my server, which subscribes it to a topic with the firebase admin module like so:
messaging.subscribeToTopic(token, 'all')
I'm wondering if I delete the token in the browser using the messaging.deleteToken(currentToken) method do I also need to unsubscribe that same token using messaging.unsubscribeFromTopic(token, 'all'); on my server or does firebase do that automatically when the token is delete?
A topic subscription is really just a simple way to subscribe many ID tokens to a string. On the FCM fan-out servers that is pretty much exactly what is stored: a list of tokens associated with each topic.
Deleting a token will not really unsubscribe the token from the topic. But since the token is the only way that FCM can deliver messages to a device, messages sent to any topics the token was subscribed to can no longer be delivered (and will be cleaned up behind the scenes automatically).
Is it possible to push web notification in Firebase for anonymous users with using just the UID because there will be no tokens for anonymous authentication.
The firebase authentication UID are not related to the tokens you get from the WebPush subscription.
That means you can subscribe any kind of user with webpush as described here, and don't even think about firebase authentication.
As far as I know firebase Otp verification works on the following way.
1)On each platforms firebase provides a custom UI for sending and reading OTP.
2)After successful Otp verification firebase returns user data along with a token.
My question is there any way to check that token is valid or not .
I can't find anything about the token verification API from their documentation.
After phone number authentication you get a Firebase ID token like you do for all other firebase authentication methods. You can get it by calling firebase.auth().currentUser.getIdToken().
To verify it on your own server, you can send it to your server along with authenticated requests and use the Firebase admin SDK verifyIdToken to verify that ID token and parse its underlying claims.