onAuthStateChanged returns old user data when user's refresh token is expired

[kanclalg]

Hi,
we're using firebase.init and passing onAuthStateChanged function as a callback. Problem is that when we disable or delete user in firebase console after about one hour that user's refresh token is expired and onAuthStateChanged should return { "loggedIn": false, "user": null } but instead - on the first run after it is expired it returns old user's data and almost immediately after that it returns new data. We're setting authData to our store and doing some actions right after it is changed so it's causing us issues.

Currently we use this code as a workaround:

onAuthStateChanged: (data) => {
    // if user is disabled/deleted and token is expired it should return data that user is logged out but sometimes it returns old users data. getAuthToken throws error if token is invalid and user should relogin
    firebaseService.getAuthToken().then(_ => {
        store.dispatch(new SetAuthStateDataAction(data));
    }).catch(_ => {
        store.dispatch(new SetAuthStateDataAction({ loggedIn: false, user: null }));
    });
}

It can be reproduced with iOS simulator. Just login with some user, disable user in firebase console, wait a bit and run the app again.

[EddyVerbruggen]

That's a thorough bug report, thanks! One question: do you experience this on Android as well?

[kanclalg]

Yes, it's working the same on android too. First I get old user's data and then immediately new one. Just like in the screenshot.

[EddyVerbruggen]

What I'm reading is Firebase will trigger onAuthStateChanged once the oauth token has expired (after about an hour after deleting a user). Until then getCurrentUser will return the client-side user.

So I just tested this on Android:

• Log in anonymously
• Remove the user on the Firebase console
• Wait for about an hour

Eventually my app was invoked with a null user.

Perhaps iOS behaves differently, but this seems like correct behavior on Android to me.