
I am using firebase with flutter and have successfully integrated authentication. However, I have deleted all accounts in the firebase console. I am using a stream of authStateChanges to check whether the user is signed in or not as explained in the netninja tutorial. The problem is that it is returning the account information of an account that I have deleted. Why is this happening?

I have this code in my firebase auth file:

    import 'package:brew_crew_firebase_tut/models/user.dart';
    import 'package:firebase_auth/firebase_auth.dart';

    class AuthService {
      FirebaseAuth instance = FirebaseAuth.instance;

      Coffeeer coffeeerFromUser(User? user) {
        return Coffeeer(uid: user?.uid);
      }

      Future<Coffeeer?> newUser(String email, String password) async {
        try {
          UserCredential result = await instance.createUserWithEmailAndPassword(
              email: email, password: password);
          User? firebaseUser = result.user;
          return coffeeerFromUser(firebaseUser);
        } catch (exception) {
          return null;
        }
      }

      Future<Coffeeer?> currUser(String email, String password) async {
        try {
          UserCredential result = await instance.signInWithEmailAndPassword(
              email: email, password: password);
          User? firebaseUser = result.user;
          return coffeeerFromUser(firebaseUser);
        } catch (exception) {
          return null;
        }
      }

      Stream<User?> get user {
        return instance.authStateChanges();
      }
    }

Also, this is the main.dart that utilises the provider package and the stream from the above file:

    import 'package:brew_crew_firebase_tut/screens/wrapper.dart';
    import 'package:brew_crew_firebase_tut/services/auth.dart';
    import 'package:firebase_auth/firebase_auth.dart';
    import 'package:firebase_core/firebase_core.dart';
    import 'package:flutter/material.dart';
    import 'package:provider/provider.dart';

    void main() async {
      WidgetsFlutterBinding.ensureInitialized();
      await Firebase.initializeApp();
      runApp(
        StreamProvider<User?>.value(
          value: AuthService().user,
          initialData: null,
          child: MaterialApp(
            home: Wrapper()
          ),
        )
      );
    }

Other similar questions are majorly regarding the firestore database but none concern the authentication problem.

2 Answers


  1. My first guess is that the plugin somehow caches the data, resulting in the previously existing data being sent when pulling up a user.

    I’ll suggest trying this instead.

        if (FirebaseAuth.instance.currentUser?.uid == null) {
          // Then user is not logged in
        } else {
          // Then user is logged in
        }
    

    Another possibility is that there was no active internet connection, therefore causing the Firebase Auth plugin to rely on the cached data.

  2. If you deleted the account recently (say in the last hour) that is the expected behavior. Firebase Authentication works with a combination of long-lived refresh and short-lived ID tokens, and the shorter ID tokens are valid for one hour after they are minted. Deleting a user from the Firebase console does not invalidate their ID token.

    The common way to prevent usage of these (valid) ID tokens from deleted accounts is to store them in a block list. This approach is also outlined in the Firebase documentation on .

    From the same page it seems you can also revoke the user’s refresh token, although I’ve never tried that myself.
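
The behaviour described in answer 2, modeled as an added example (not code from either answer or from Firebase): a backend that has already verified a token's signature still has to consult a block list of deleted accounts and a per-user revocation time, because the token itself stays valid until it expires. `SessionGuard`, `mint_claims` and all sample values are hypothetical, and signature verification is assumed to have happened before `check` is called.

```python
from dataclasses import dataclass, field

ID_TOKEN_LIFETIME = 3600  # seconds; the one-hour validity described in answer 2


@dataclass
class SessionGuard:
    """Server-side state consulted after the token signature has been verified."""
    deleted_uids: dict = field(default_factory=dict)   # uid -> deletion time
    revoked_after: dict = field(default_factory=dict)  # uid -> revocation time

    def delete_user(self, uid, now):
        # Deleting the account does not touch tokens that were already minted,
        # so remember the uid until every such token has expired.
        self.deleted_uids[uid] = now

    def revoke_sessions(self, uid, now):
        # Models revoking refresh tokens: any session that authenticated
        # before `now` has to sign in again.
        self.revoked_after[uid] = now

    def prune(self, now):
        # A block-list entry is only needed while an old token could still be valid.
        self.deleted_uids = {u: t for u, t in self.deleted_uids.items()
                             if now - t < ID_TOKEN_LIFETIME}

    def check(self, claims, now):
        """Return (accepted, reason) for claims whose signature was verified."""
        uid = claims["sub"]
        if now >= claims["exp"]:
            return False, "expired"
        if uid in self.deleted_uids:
            return False, "account deleted"
        if claims["auth_time"] < self.revoked_after.get(uid, 0):
            return False, "session revoked"
        return True, "ok"


def mint_claims(uid, auth_time, issued_at):
    # Constructed sample claims using the standard sub/iat/exp/auth_time fields.
    return {"sub": uid, "auth_time": auth_time, "iat": issued_at,
            "exp": issued_at + ID_TOKEN_LIFETIME}


if __name__ == "__main__":
    guard = SessionGuard()
    token = mint_claims("alice", auth_time=1000, issued_at=1000)
    print(guard.check(token, now=1500))   # accepted: nothing is on the block list
    guard.delete_user("alice", now=1200)
    print(guard.check(token, now=1500))   # rejected although the token is unexpired
```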
