I am using the firebase custom auth to generate a custom token and I was wondering if there was a way to manually update the token by shortening it based on a specific time a session has finished. e.g. if a session finishes for like 20 seconds or maybe 5 mins, I could manually update the expiry time of the token
If that is not possible, is there also a way to set a custom constant expiration time for the token e.g. 1 min rather than the 1 hour expiration time
I am using the firebase custom auth to generate a custom token and I was wondering if there was a way to manually update the token by shortening it based on a specific time a session has finished. e.g. if a session finishes for like 20 seconds or maybe 5 mins, I could manually update the expiry time of the token
If that is not possible, is there also a way to set a custom constant expiration time for the token e.g. 1 min rather than the 1 hour expiration time
Share Improve this question asked Mar 18, 2019 at 14:05 Jama MohamedJama Mohamed 3,4154 gold badges32 silver badges50 bronze badges 1- 2 Expiry time on the custom token has no impact on the duration of an authenticated session. It just means how long the custom token will remain valid before it cannot be used to initiate a login. – Hiranya Jayathilaka Commented Mar 18, 2019 at 17:29
1 Answer
Reset to default 8I quickly checked the source of createCustomToken in the Admin SDK and it seems the one hour expiration time (exp) is hard-coded in there. So if you want to modify that, you'll have to create your own fork of the Admin SDK.
The alternative would be to mint your own custom token as shown in Create custom tokens using a third-party JWT library. That way you can set the exp claim to the value you want.
A third option is to use session cookies, which allow you to set your own expiration interval.
And the final option I can think of is to file a feature request on the Admin SDK.