Firebase (FCM) registration token - firebase

I am the new for FCM. Here are some questions about the registration token:
Is the registration token generated by the FCM connection server?
Does the token change periodically in the connection server?
When?
Will it force the onTokenRefresh() in the app to be called?
I have googled for a week but didn't get any details. Please help. Thanks.

1. Is the registration token generated by the FCM connection server?
No. It gets generated by the FirebaseInstanceID. The way I understand the flow of event on first time registration:
The app retrieves a unique Instance ID.
The registration token is generated by calling the InstanceId.getToken().
Developer (usually) sends the token to the App Server.
2. Does the token change periodically in the connection server?
I think the onTokenRefresh() docs pretty much answers this.
Called when the system determines that the tokens need to be refreshed. The application should call getToken() and send the tokens to all application servers.
This will not be called very frequently, it is needed for key rotation and to handle Instance ID changes due to:
App deletes Instance ID
App is restored on a new device
User uninstalls/reinstall the app
User clears app data
The system will throttle the refresh event across all devices to avoid overloading application servers with token updates.
See this part of the docs for more details.

Related

FCM Token - When should I store/save it on my DB?

I am not sure what a proper FCM token handling mechanism would be so I’m writing our process down here just to get some validation or suggestions for improvements:
Fetch FCM token on client Login (Flutter)
Save FCM token on our Database (Using our REST API)
Delete FCM token on Logout (Using our REST API)
Q1: Should we be getting the FCM token more often than just on login? AFAIK, FCM token only changes on app re-installs, clearing cache, etc. Does this also include app-updates from the PlayStore? In that case, should we save the FCM token on every app launch since the user will remain logged in after an app update and hence we wouldn't trigger the save FCM call.
Q2: Did I mention the right way to handle deleting FCM tokens from our DB? We don’t want the user to keep getting notifications once they have logged out.
Q3: An add-on idea is to send the device_id to the server along with the fcm_token so that server deletes all previously saved FCM tokens for that device_id. This is useful to not have useless tokens on the DB from cases where the user uninstalls the app without logging out (which means that the DELETE fcm_token call never went through.)
The FCM token is refreshed under conditions that you don't control, and those conditions have even changed over time. To handle token updates properly, you'll need to implement both initially getting the token and then monitoring for token updates.
Note that FCM tokens are not associated with a user. It is fine if you want to associate them with a user, but it's up to your application code in that case to maintain the association. So that for example includes deleting the token from your database when the user signs out, as you're doing in step 3. 👍
For keeping your token registry clean, you can indeed do this proactively as you intend, or reactively as shown here: https://github.com/firebase/functions-samples/blob/master/fcm-notifications/functions/index.js#L76-L88
Hi Rohan fundamentaly you should use below logic to save tokens on server.
Step1:
as soon as you get token in callback whether new or same try to save it localstorage.
Step2:
Call your REST API to save it to your server. it is upto you if you want to send unique user identifier along with the token.
Step3:
It is obvious you will recieve token callback a lot of time so you can check whether you have similar token in localstorage, it means you have the token on the server so no point calling REST API.
Step 4: Now your app can send events back to server and based on it trigger Push notifications to the users.
Step 5: You can Add/update user token based on uniqye user identifier. In some cases a user can be guest user, so your app should generate guest userId and link it with token.
Stay safe.

How a Firebase token is generated?

I'm doing analysis on Firebase Token and understood below points:-
-> A Firebase token is saved in database which will be used for sending notifications.
-> The token generally do not expire except in the following cases:
- The app deletes Instance ID
- The app is restored on a new device
- The user uninstalls/reinstall the app
- The user clears app data.
-> When we use a token which is expired we get errors like Not Registered from the response while sending messages.
-> To avoid the error, we should be deleting the token from database.
However I have found that If we login to a cloud application (which is my app currently), a new fcm token gets generated when i logged in to a new browser say FireFox, Edge etc.
So, the token is generated based on browser or System IP or what exactly the Fcm uses to generate a token ?
The method used to generate the token is an implementation detail, and you should not depend on that to build your app.
A token uniquely identifies a device. Each device receives messages independently of each other, and does not know anything about the user of that device. It's expected that if a user signed into an app on multiple devices, that each device would generate a unique token. If you want to send message to a user, you will have to map each of the user's device tokens in your own database, and send the message to each of them, or only the ones that the user chooses.
You can expect that device tokens might change over time. If you send a message to a device, and the API tells you that the token is not valid, you should simply delete it from your records.

Firebase Rest API Authentication ID Token and Token Refresh in React Native

Firebase Official docs says that Firebase Token ID of a user expires in 1 hour . to generate a new token refresh token id is to be passed to an end point where in response the client receives new token id .
So question is that to keep a persistent Loged in behaviour in my react native app while user is not using app in foreground for hours would i have to start a background service that refreshes Firebase Token ID after every hour? or is their a better and easy way to keep firebase token id for users refreshed and keep user loged in.
Firebase Auth State Persistence (recommended)
The Firebase web API provides the following options for Authentication State Persistence:
local: Indicates that the state will be persisted even when the browser window is closed or the activity is destroyed in React Native. An explicit sign out is needed to clear that state. Note that Firebase Auth web sessions are single host origin and will be persisted for a single domain only.
session: Indicates that the state will only persist in the current session or tab, and will be cleared when the tab or window in which the user authenticated is closed. Applies only to web apps.
none: Indicates that the state will only be stored in memory and will be cleared when the window or activity is refreshed.
Using the Firebase state persistence API directly is by far the most straight forward solution.
However, if you are set on implementing state persistence from scratch using the Firebase Admin SDK, then you could do the following.
Custom State Persistence (not recommended)
User signs in.
The Firebase user ID and a secret token generated by the server are saved in storage, for example, React Native AsyncStorage. The secret token is also stored in a database.
While the app is running, refresh tokens are periodically retrieved to keep the session live.
User closes the app.
User opens the app.
App checks storage for the Firebase user ID and the secret token. If found, these are sent to the server to confirm if the secret code matches the code stored in the database.
If the secret code matches, the server then generates a custom auth token based on the Firebase user ID and sends back to the React Native app.
The React Native app automatically signs in the user with the custom auth token.
Use react-native-firebase lib.

How can I know that a Firebase Cloud Messaging token is out of use?

A single user can have multiple devices connected to his account.
Because of that he can have multiple cloud messaging tokens.
Everytime the user opens the app the token from that device is send to the app server and saved there.
What happens if a user uninstalls the app from one of his devices? I have no chance to tell the server that the token is not longer in use.
Can it occure that I notify an other user instead since this other user has acquired the not longer used token from the original user?
What happens if a user uninstalls the app from one of his devices?
Usually, when your app is uninstalled, it is advisable for you (the developer) to automatically make sure that the corresponding registration token is deleted from your own App Server.
Can it occure that I notify an other user instead since this other user has acquired the not longer used token from the original user?
No. Each registration token is unique per each app instance. So rest assured that if a registration token is invalidated/expires for whatever reason, no other user will be able to use it. Sending a message to an invalid/expired registration token will result to a NotRegistered error.
Tokens are not re-used so there should be no risk of notifying another user. Tokens cannot be acquired by one user from another.

How to store firebase instance id token?

Is firebase token is use to sent to specific device?
How do I store firebase token in MySQL?
From google website, It does not mention about the length of the token.
It seems to be very long.
An Instance ID Token identifies a specific app on a specific device. From the Firebase documentation:
Registration token - An ID generated by the FCM SDK for each client app instance.
The Instance ID Token indeed only expires in very few conditions. Also from the documentation:
The registration token may change when:
The app deletes Instance ID
The app is restored on a new device
The user uninstalls/reinstall the app
The user clears app data.
The token is a relatively long string. Since you're unlikely to frequently search for it, I'd store in in a text field in your database.

Resources