Firebase Cloud Messaging: Why do registration tokens get deleted? - firebase

In our app we use Firebase Cloud Messaging to send push notifications to our users. We save the registration tokens of our users in our SQL database and when a user logs in or out we use the Firebase API to manage his topic subscriptions.
This works out pretty well in most of the cases but now the topic subscriptions return the following error for some of our registration tokens:
The provided registration token is not registered. A previously valid registration token can be unregistered for a variety of reasons. See the error documentation for more details. Remove this registration token and stop using it to send messages
In which cases does Firebase delete previously registered registration tokens? I can not find any specific information about this in the error documentation.
Thanks for your help!

From the documentation:
A previously valid registration token can be unregistered for a variety of reasons, including:
The client app unregistered itself from FCM.
The client app was automatically unregistered. This can happen if the user uninstalls the application or, on iOS, if the APNS Feedback
Service reported the APNS token as invalid.
The registration token expired. For example, Google might decide to refresh registration tokens or the APNS token may have expired for
iOS devices.
The client app was updated, but the new version is not configured to receive messages.

Related

Generate Firebase Verify token on the backend side

We are migrating users to the Firebase and for specific app reasons I need to create a verify token on the backend side.
So the schema is next -
I receive the user email and password from the user. Passing it to
the backend.
Backend generates a verify token, retrieves all the
info from Firebase, and informs the user.
I'm looking for some way to do it with firebase SDK, but I don't see any option.

Firebase - Email / Password provider device authorization endpoint

I'm trying to implement OAuth 2.0 device authorization for a Firebase project that uses the Email / Password provider for sign in.
In a response from a previous question I was able to test device authorization using a Firebase Device Flow project and the Github and Google providers successfully.
For each of these providers there is an endpoint that is used to request a device code:
Google https://oauth2.googleapis.com/device/code
Github https://github.com/login/device/code
Facebook has the following endpoint, which I have successfully tested:
Facebook https://graph.facebook.com/v2.6/device/login
Is there an equivalent device code authorization endpoint for the Email / Password provider?
EDIT: Looking at the firebase auth library I don't see a credential method that takes an access token. This implies perhaps this isn't possible. Perhaps something could be built to use the credentialWithLink method; an email would be sent with device id and the sign in would enable the polling client to receive a response with a link.
I ended up building the infrastructure myself by setting up:
Endpoints: to get a device token, sign in to validate the device code, get a custom user token for a device token
Website: for the user to enter in credentials to send to validate the device code
Client app: to request the device token, show the qr code and poll for the user token and swap the custom token using the firebase auth method signInWithCustomToken
I used firestore to store the device tokens and update them with the uid, expiry timestamp and verification state with each step.

What does firebase use to generate a registration token?

I have already created a push notification system using firebase. It generates and saves a token for a user, then upon login displays their subscription status. It works fine, unfortunately it’s only one device per user, the most recent device they logged in on. I’d like to allow for multiple devices per user.
I’m assuming firebase uses some ID unique to each device to generate a token. If I’m wrong in that assumption, please point me in the right direction.
As Doug commented, since FCM doesn't associate its tokens with users, this is probably some limitation in your implementation.
You'll want to allow multiple ID tokens per user in your database, and then send to all tokens for the current user. If the device/app install can be shared between users, you'll want to remove the association between the user and the token for that installation when the user signs out/a new user signs in.
On associating tokens with users, see:
Is FCM (firebase cloud messaging) Token for one device or for one account?
When to register an FCM token for a user
How to get Firebase user id from FCM token? (in admin code on server)
And then finally you'll also want to clean up any tokens that FCM flags as not valid anymore, as otherwise you'll keep adding more and more tokens, which may not be valid anymore.
On deleting expired tokens, see:
When device token expires, is it automatically removed from FCM device group?
How do I identify and delete the expired FCM token on server?

How can I solve a "messaging/registration-token-not-registered" error in Firebase?

This is the documentation for the error:
The provided registration token is not registered. A previously valid registration token can be unregistered for a variety of reasons, including:
The client app unregistered itself from FCM.
The client app was automatically unregistered. This can happen if the user uninstalls the application or, on iOS, if the APNS Feedback Service reported the APNS token as invalid.
The registration token expired. For example, Google might decide to refresh registration tokens or the APNS token may have expired for iOS devices.
The client app was updated, but the new version is not configured to receive messages.
For all these cases, remove this registration token and stop using it to send messages.
In order to figure out what the error is, I first need to narrow it down to one of the following four reasons. But first I have to understand what they mean.
App Unregistered: What does it mean for an app to unregister? How can I test it?
Invalid APNS token: How can I check this?
Expired token: The tokens are brand new, so this seems unlikely, but how can I validate this?
Not configured to receive messages: It's the same app that's generating these tokens, so what else needs to be done? How can I test this?
Overall, my big question is, how can I test any one of these 4+ circumstances in which this error might be thrown? What can I do to make progress here?

I want a way to accurately track user token removals & app uninstalls for my app in Android (GCM) and Apple (APNS)

I'm looking to accurately track users who decide they no longer want receive push notifications from my app OR users who delete the app.
https://developer.apple.com/library/content/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/BinaryProviderAPI.html
From Apple documentation here there are some push error codes but none seem to fit clearly with user token removal. A
https://developers.google.com/cloud-messaging/http-server-ref#table9
From the Google docs this following error code seems to be close to what I want.
Error
Unregistered Device
HTTP Code
200 + error:NotRegistered:
Recommended Action
An existing registration token may cease to be valid in a number of scenarios, including:
If the client app unregisters with GCM.
If the client app is automatically unregistered, which can happen if
the user uninstalls the application. For example, on iOS, if the APNS
Feedback Service reported the APNS token as invalid.
If the registration token expires (for example, Google might decide
to refresh registration tokens, or the APNS token has expired for iOS
devices).
If the client app is updated but the new version is not configured to
receive messages.
For all these cases, remove this registration token from the app server and stop using it to send messages.
It seems here there is no way to differentiate between app uninstalls / token removals & token expiration
I already am sure uninstalls can't be track with Apple.

Resources