Properly log out a user from android app


I'm developing a small android app, and basically so far it just has login and logout functionality. I'm using Firebase to store user data and also for authentication.

So I have login working and it authenticates users as it should and I have logging out working in the sense that it unauthenticates users. But is there anything I have to do from within the app to kill the session?

if (id == R.id.action_log_out) {
    ref.unauth(); //End user session
    startActivity(new Intent(MainActivity.this, LoginActivity.class)); //Go back to home page
    finish();
}        

Will this work as I think it should? Obviously if someone logs out they shouldn't be able to hit the back button and magically go back to the last page without re-logging in.

When Firebase authenticates the user (or you authenticate the user with Firebase), it stores the token for that user in local storage on your device. This happens when you call one of the authWith... methods (of course only if it successfully authenticates the user).

Calling ref.unauth(); immediately deletes that token from local storage.

A properly implemented flow would not automatically re-authenticate them when the user presses the back button, but that depends on the flow you implement (which is missing from your question and would likely be too much code anyway).

Signing Out Users and Disconnecting Accounts, Sign out users; Disconnect accounts. You can enable your users to sign out of your app, and to disconnect their accounts from your app entirely

It does not sign the user out of the underlying social provider (e.g. Facebook, Google). So next time you start the sign-in flow for that provider, it will be picked up immediately by your code (or the library that you used). But it'll be easier indeed to say what's going on if you show the minimal code that reproduces the problem.

From Firebase docs

https://firebase.google.com/docs/auth/android/custom-auth

call this FirebaseAuth.getInstance().signOut();

Signing out a FirebaseUser - [Android Classifieds App], In this video we add functionality for signing out a user. Learn to build an Android application Duration: 6:42 Posted: Oct 24, 2017 I am developing an android app for the first time and I wanted to make the sessions for login and logout. I saw that most of the people suggested using SharedPreferences. But how can I check if the user logged out? If the user does not and clicks on my app, then the sign in page won't show up! The user can immediately go to the main page.

I see 2 options for the issue we have with the back-Button after Logout:

In your LoginActivity, which should be your launcher activity, override the onBackPressed method and leave it empty:

@Override
public void onBackPressed() {
    // empty so nothing happens
}

Or/and you can add the LoginActivityIntent in your LogoutActivity if user == null. This way, whenever a not authenticated user lands on the activity, it will redirect to the LoginActivity instantly, although this looks kinda weird.

mAuth = FirebaseAuth.getInstance();
mAuthListener = new FirebaseAuth.AuthStateListener() {
    @Override
    public void onAuthStateChanged(@NonNull FirebaseAuth firebaseAuth) {
        FirebaseUser user = firebaseAuth.getCurrentUser();
        if (user != null) {
            // User is signed in
            Log.d(TAG, "onAuthStateChanged:signed_in:" + user.getUid());
        } else {
            // User is signed out
            Log.d(TAG, "onAuthStateChanged:signed_out");
            startActivity(new Intent(LogoutActivity.this, LoginActivity.class));
        }
        // ...
    }
};

First option is easier, but I guess if you apply both you're on the safe side ^^ I'm coding for 2 weeks now so correct me if I'm wrong.
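The back-button guard discussed in the answers above, as an added example that is not part of the original posts: a hypothetical base class, `AuthenticatedActivity`, that every signed-in screen extends. It assumes the question's `LoginActivity` and the current `FirebaseAuth` API (`signOut()` rather than the older `unauth()`).

```java
import android.content.Intent;
import androidx.annotation.NonNull;
import androidx.appcompat.app.AppCompatActivity;
import com.google.firebase.auth.FirebaseAuth;

/** Hypothetical base class: every screen that requires a signed-in user extends it. */
public abstract class AuthenticatedActivity extends AppCompatActivity {

    // Invoked when registered and again on every sign-in or sign-out, so a screen
    // that comes back from the back stack is re-checked as soon as it is visible.
    private final FirebaseAuth.AuthStateListener guard = new FirebaseAuth.AuthStateListener() {
        @Override
        public void onAuthStateChanged(@NonNull FirebaseAuth firebaseAuth) {
            if (firebaseAuth.getCurrentUser() == null && !isFinishing()) {
                goToLogin();
            }
        }
    };

    @Override
    protected void onStart() {
        super.onStart();
        FirebaseAuth.getInstance().addAuthStateListener(guard);
    }

    @Override
    protected void onStop() {
        super.onStop();
        // Unregister so the listener does not keep a stopped activity alive.
        FirebaseAuth.getInstance().removeAuthStateListener(guard);
    }

    /** Call from the log-out menu item; the guard above performs the redirect. */
    protected void logOut() {
        FirebaseAuth.getInstance().signOut();
    }

    private void goToLogin() {
        // LoginActivity is the login screen named in the question (assumed to exist).
        Intent intent = new Intent(this, LoginActivity.class);
        // Start login in a fresh task and clear every activity of the old one,
        // so Back from the login screen cannot reach an authenticated page.
        intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_CLEAR_TASK);
        startActivity(intent);
        finish();
    }
}
```

Because the check runs in every protected screen rather than only in the login screen, it still holds if a screen is reached some other way than the back button, such as a restored task.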

#21 Retrofit Android Tutorial - User Logout, RetrofitSimplifiedCoding In this video we will add the functionality to the logout button that we Duration: 2:11 Posted: Jul 21, 2018 I am making a simple authentication app in Android using Firebase authentication. Till now I am successful in signing the user in, however the issue is that the user remains signed in, and I can't find a way to sign him out. Here is my MainActivity.java code

You can replace finish() with finishAffinity();

How to sign out of Google Account on Android device, How do I sign out of Google account on Android? Open your phone's Settings app. Tap Accounts. If you don't see "Accounts," tap Users & accounts. Tap the account you want to remove Remove account. If this is the only Google Account on the phone, you'll need to enter your phone's pattern, PIN, or password for security.

Delete tokens and Instance IDs

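// InstanceID is com.google.android.gms.iid.InstanceID.
// deleteToken() does network I/O and throws IOException: call it off the main thread.
String authorizedEntity = PROJECT_ID;
String scope = "GCM";
InstanceID.getInstance(context).deleteToken(authorizedEntity, scope);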

You can also delete the Instance ID itself, including all associated tokens. The next time you call getInstance() you will get a new Instance ID:

// deleteInstanceID() also throws IOException and must run off the main thread.
InstanceID.getInstance(context).deleteInstanceID();
String newIID = InstanceID.getInstance(context).getId();


Where to put logout in an Android app?, The content of this article can be applied to both Android and iOS applications and When application hits logout endpoint server will invalidate the token and data) and leave logout token so user can still log out properly. Later the user logged out from the app, but the attacker still has a perfectly valid token. There is an important lesson here: the user assumes that there is no way to access the account from this device because logout was performed properly, but the device still stores a valid token that allows accessing the user's personal, sensitive data.

How to log out of all other devices from my cellphone, If you have a material-style drawer in your app, I recommend putting your logout action in the options that appear when the account header is  When calling MSClient.logoutWithCompletion, even on a successful logout if the user attempts to login again the login controller picks up their previous details and automatically logs them back in without the opportunity to enter new cre


Comments
  • Hey, what is the type of ref in your code?
  • It's Firebase, firebase.google.com. They make it pretty easy for setting up a quick database and authentication, etc.
  • Actually I was using FireBaseAuth to authenticate users in android and was finding a way to end user session. Seems they already have a method for this, call signOut() on FireBaseAuth object. Anyway, thanks for your explanation.
  • Well this question is a few months old, but I think that .signOut() has taken the place of unauth(). Everything I see with unauth() now is deprecated it seems. :)
  • Ok, got it! Thanks for the clarification
  • I used AuthUI.getInstance().createSignInIntentBuilder() for signing in to my app using Google, Email accounts. In this case, what logic would work? I've seen your answer above. Here ref represents what? Can you please solve my problem. Please see this post
  • Same doubt here, I use signInWithCredential so what is ref?
  • This answer is based on Firebase 2.x, from before May 2016. In later versions the equivalent is FirebaseAuth.getInstance().signOut();
  • @FrankvanPuffelen thanks for being available, it took me a while to realize the API changed, had to check the git history github.com/firebase/quickstart-android/commit/… I will try to see what I can do
  • I used this and it is working fine except on Samsung devices. I am checking the Auth variable for null; if so, then I am redirecting the user to the app, but on Samsung devices the condition auth!=null gets satisfied even when the user is logged out.