Handle expired / about to expire JWT! Best practices Handle expired / about to expire JWT! Best practices
we need right methodology for bad / expired tokens & or banking type timer to kick you out after 10 minutes or so
No, a Firebase JWT (JSON Web Token) does not automatically refresh itself; however, Firebase Authentication provides a "refresh token" mechanism, which allows you to obtain a new ID token (JWT) when the current one expires by sending the refresh token to the Firebase backend to get a fresh ID token.
Key points about Firebase JWT and refresh tokens:
Short-lived ID tokens:
Firebase ID tokens (JWTs) are designed to have a short lifespan, typically around an hour, meaning they expire quickly.
Refresh tokens:
To maintain a session after the ID token expires, you need a refresh token, which can be used to request a new ID token from Firebase.
Manual refresh process:
Your application needs to implement logic to detect when the ID token is about to expire and send the refresh token to Firebase to get a new ID token.
