Comments (5)
or-else
commented on May 23, 2024
Hi Riandy,
FCM token refresh in the middle of user session
Yes, it's an oversight. This functionality is needed but missing. I see two options: allow {hi} in the middle of the session or create a new packet for the purpose, like {dev}. Let me look at the code and I'll suggest which one is more suitable.
User logout in app
So, if I understand correctly, when user logs out from the device, the app needs a way to tell the server to invalidate the token. But maybe it's not needed. Since tokens are stored by UID, if the same token is used with a new UID the server can detect that and then invalidate the token for the old UID. I think the automatic token invalidation is better than explicit because it will not allow a malicious client to intentionally receive pushes for a different user. If you don't see problems with this approach, I'll add automatic token deletion on the server.
Also if I may suggest I think it's better if we differentiate between deviceId & fcm token though. The reason is because essentialy a device may have multiple tokens due to rotation / refresh.
But what is deviceId then? I don't think there is a need for a deviceId separate from the push token. Just think of deviceId as a different name for the token.
As for stale deviceId (or token), I think it needs garbage collection - automatically delete deviceId/token after a month of two of inactivity.
from chat.
riandyrn
commented on May 23, 2024
I think the automatic token invalidation is better than explicit because it will not allow a malicious client to intentionally receive pushes for a different user.
Yeah, you’re right it’s much better (y).
Maybe the trade off is when user already logged out then move to new device, they would still receive the notification in the old device. Maybe you have suggestion regarding this case?
But what is deviceId then?
I was thinking to use InstanceID
from chat.
or-else
commented on May 23, 2024
Maybe the trade off is when user already logged out then move to new device, they would still receive the notification in the old device. Maybe you have suggestion regarding this case?
I'm thinking about adding a way of updating the token which should cover both cases:
- Replace old token with the new token
- Replace token with null
I was thinking to use InstanceID
It's not going to be used on the backend so I would rather not collect it.
from chat.
or-else
commented on May 23, 2024
I think allowing {hi} in the middle of a session is the simplest solution: #51
from chat.
riandyrn
commented on May 23, 2024
Hello, Gene
Yeah, it’s awesome 👍
I have a little bit fix for null params in {hi} response though: #55
Thanks
from chat.
Related Issues (20)
- "Canceled desc = context canceled" without any explanations HOT 3
- Error finding a topic by its tag with Postgres HOT 3
- Unable to create new root user using official container HOT 2
- Provide arm64-linux build HOT 2
- Unable to `{sub}` with `on_behalf_of` HOT 2
- generate error HOT 1
- Can't connect to external database HOT 4
- [Question] External config is not working as expected HOT 2
- crash when removing a topic with RethinkDB HOT 3
- A feature request for status values. HOT 2
- error: The data couldn’t be read because it isn’t in the correct format in IOS HOT 1
- Can't initialize postgres database (does not use configured database to init) HOT 1
- Repetitive sub<->leave requests on same topic results in some leave requests with no response HOT 3
- Error starting gRPC call. HttpRequestException: No connection could be made because the target machine actively refused it. (127.0.0.1:6061) SocketException: No connection could be made because the target machine actively refused it. HOT 3
- Support S3 Compatible Storage Providers HOT 7
- External jwt token authenticator HOT 2
- Tinode not triggering password reset emails HOT 3
- NOT WORKING VIDEO CALL OTHER INTERNET HOT 1
- Cluster Not Working, Error: [ cluster: call failed two gob: unknown type id or corrupted data ] HOT 1
- In-app unread message counter does not account for deleted messages HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from chat.