Only one login per user at a time in Firebase for Android

2

10

I want users to use their credentials on one device at a time, avoiding multiple logins with the same email and password. I've found this on the official Firebase site, but it is not related to what I am trying to do.

Thunderpeal answered 11/2, 2018 at 13:59 Comment(0)
11

There is no way to prevent a user from authenticating on multiple devices. In fact: to know that the same user is on two devices, they'll need to authenticate on both devices.

Depending on the back-end service that you're using, it may be possible to only allow resources to be accessed from one device.

For example, if your app uses the Firebase Database, you could write the InstanceID token into the database when the user logs in. And then only allow the write if there is no token yet, or the token matches the token that last logged in. You could then even warn the user if they log in on a second device, that they're already accessing the system from another device and should log out there first.

But this is all fraught with problem cases.

For example: when do you flag that a user stopped using your app on one device (i.e. delete the InstanceID token from the database)? When they log out? That means they'll have to log in every time they want to use the app, a type of friction most users don't like much.

Or will you try to automatically detect that they stopped using the app, e.g. when it goes into the background? What happens if you miss that moment because of a bug, a crash, or a network glitch? Will the user then be unable to use the app from their other device?

For these and many more reasons I usually recommend against such a single-device policy: it's more trouble than it's worth.

Rachelrachele answered 11/2, 2018 at 15:16 Comment(1)
Good explanation, I thought almost the same. So there is simply no way to know this? Also, since Android 10 we cannot use the hardware ID, which could serve this purpose (knowing how many devices are connected, for example). How would services such as Netflix or others do so? - Paramagnet
1

In my case I used a hack since Firebase wasn't offering any solutions.

On account creation I generated an appId for every user, and stored a copy of that ID on the device locally and another copy on the server, under the user collection.

When the user logs in, I compare the appId on the device with the one on the server to see if they match; if they don't, a function triggers a forced logout.

It isn't a perfect solution but it is a start.

I am also trying to investigate if I could achieve a better solution with cloud functions.

Whosoever answered 10/6, 2024 at 1:37 Comment(0)
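
The token claim described in the first answer and the appId comparison in the last answer are the same check. As an added example (not code from either poster or from Firebase), here it is modelled in plain JavaScript over an in-memory `Map`, extended with an assumed lease timeout so that a crashed or offline device does not lock the user out. `claimSession`, `heartbeat`, `release` and `LEASE_MS` are hypothetical names, and the `Map` stands in for a per-user database record.

```javascript
// Added example: in-memory model of the single-device claim discussed above.
// Nothing here is a Firebase API; the Map stands in for a per-user record.
const LEASE_MS = 5 * 60 * 1000; // assumption: no heartbeat for 5 minutes means stale

const sessions = new Map(); // uid -> { deviceToken, lastSeen }

// Called at login. Succeeds when no device holds the claim, when the same
// device already holds it, or when the previous holder's lease has expired.
function claimSession(uid, deviceToken, now) {
  const current = sessions.get(uid);
  const free = !current;
  const same = current && current.deviceToken === deviceToken;
  const stale = current && now - current.lastSeen > LEASE_MS;
  if (free || same || stale) {
    sessions.set(uid, { deviceToken, lastSeen: now });
    return { ok: true, replacedStale: Boolean(stale && !same) };
  }
  // The caller can warn the user that another device is still active.
  return { ok: false, reason: "active-on-other-device" };
}

// Called periodically while the app is in use. A false result means this
// device no longer holds the claim and should be logged out.
function heartbeat(uid, deviceToken, now) {
  const current = sessions.get(uid);
  if (!current || current.deviceToken !== deviceToken) return false;
  current.lastSeen = now;
  return true;
}

// Called at explicit logout. Only the current holder may release the claim.
function release(uid, deviceToken) {
  const current = sessions.get(uid);
  if (current && current.deviceToken === deviceToken) {
    return sessions.delete(uid);
  }
  return false;
}
```

In a deployed app this comparison has to run where the client cannot skip it (database security rules or a backend function) and as a single atomic update, otherwise two devices can both pass the check.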
