Skip to content

Refresh firebase token when user is logged in#30

Merged
wmiq84 merged 3 commits intomainfrom
fix/expired-tokens
Mar 11, 2026
Merged

Refresh firebase token when user is logged in#30
wmiq84 merged 3 commits intomainfrom
fix/expired-tokens

Conversation

@wmiq84
Copy link
Copy Markdown
Contributor

@wmiq84 wmiq84 commented Mar 3, 2026
edited
Loading

Changes

  • Added AuthProvider component which uses onIdTokenChanged to update the auth cookie on token refreshing (done automatically by Firebase before timing out)
  • Added error handling, contexts folder, and security attributes

Testing

  • For testing that the auth cookie gets updated on tokens refreshing, replace the AuthProvieder component with this version, where getIdToken(true) fetches a new token every 5 seconds
  • Then, check the console logs for "token refreshed"
  • I manually tested that Firebase refreshes the token before timing out by waiting an hour
  • The cookie security attributes can be checked in the Network tab of Inspect page
"use client";
import { useEffect } from "react";
import { auth } from "@/firebase/firebase";

export default function AuthProvider({ children }: { children: React.ReactNode }) {
  useEffect(() => {
    const unsubscribe = auth.onIdTokenChanged(async (user) => {
      try {
        if (user) {
          const token = await user.getIdToken();
          document.cookie = `firebaseAuthToken=${token}; path=/; Secure; SameSite=Strict`;
          console.log("token refreshed");
        } else {
          document.cookie = `firebaseAuthToken=; path=/; Secure; SameSite=Strict; expires=Thu, 01 Jan 1970 00:00:00 GMT`;
          console.log("token cleared");
        }
      } catch {
        document.cookie = `firebaseAuthToken=; path=/; Secure; SameSite=Strict; expires=Thu, 01 Jan 1970 00:00:00 GMT`;
      }
    });

    const interval = setInterval(async () => {
      if (auth.currentUser) await auth.currentUser.getIdToken(true);
    }, 5_000);

    return () => {
      unsubscribe();
      clearInterval(interval);
    };
  }, []);

  return <>{children}</>;
}
image

@wmiq84 wmiq84 marked this pull request as ready for review March 3, 2026 23:38
@wmiq84 wmiq84 requested a review from navyaa31 as a code owner March 3, 2026 23:38
navyaa31
navyaa31 requested changes Mar 4, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@navyaa31 navyaa31 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for addressing this so fast! I just left a few comments

Comment thread frontend/src/app/components/AuthProvider.tsx Outdated
useEffect(() => {
const unsubscribe = auth.onIdTokenChanged(async (user) => {
if (user) {
const token = await user.getIdToken();
Copy link
Copy Markdown
Collaborator

@navyaa31 navyaa31 Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add error handling around this

Comment thread frontend/src/app/components/AuthProvider.tsx Outdated
Copy link
Copy Markdown
Collaborator

@navyaa31 navyaa31 Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we move this file into a folder called contexts?

Comment thread frontend/src/app/components/AuthProvider.tsx Outdated
const unsubscribe = auth.onIdTokenChanged(async (user) => {
if (user) {
const token = await user.getIdToken();
document.cookie = `firebaseAuthToken=${token}; path=/`;
Copy link
Copy Markdown
Collaborator

@navyaa31 navyaa31 Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we set security attributes on this?

https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie

@navyaa31 navyaa31 requested review from nakazawak and siwenshao March 4, 2026 01:28
@wmiq84 wmiq84 requested a review from navyaa31 March 9, 2026 04:04
navyaa31
navyaa31 approved these changes Mar 10, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@navyaa31 navyaa31 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, thanks for addressing comments

siwenshao
siwenshao approved these changes Mar 11, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@siwenshao siwenshao left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me!

@wmiq84 wmiq84 merged commit ed1933b into main Mar 11, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@navyaa31 navyaa31 navyaa31 approved these changes

@siwenshao siwenshao siwenshao approved these changes

@nakazawak nakazawak Awaiting requested review from nakazawak

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@wmiq84 @navyaa31 @siwenshao