How to list all active firebase ci tokens, or revoke them all

Question

I realize you can create a firebase token by using

firebase login:ci

You can revoke an individual token by doing

firebase logout --token <token>

But how do you either a) revoke all of them, or b) list all the active tokens?

I want to make sure there aren't leftover tokens that are still active on a project.

espacially an answer to question b would be nice. I have the same question... — Sebastian Thees, Apr 17 '20 at 08:17

score 14 · Answer 1 · edited Jul 05 '18 at 05:51

These tokens are Google OAuth2 refresh tokens (see bullet 4 in Google Identity Platform). Their number is limited (i guess it is 25 ).

The easiest way to explicitly revoke a token is to use firebase logout --token <token> as you mentioned. I do not know of an API for listing outstanding refresh tokens, I'm not sure it exists.

But I do know that clicking 'Remove' on the Firebase CLI entry here: https://myaccount.google.com/permissions will revoke the active tokens.

Logging back in will prompt you for permissions again and if you grant them your new token will be the only valid one.

So, It's better to remove permission from your App permissions, so no leftover tokens are there on your project.

1

Nice explaination! – shikhar bansal Aug 14 '16 at 14:54

score 3 · Answer 2 · answered Aug 12 '16 at 01:58

3

You should test this before I'd be certain it works, but you can likely go to Apps connected to your account for your Google account and revoke access to the Firebase CLI app. This should immediately revoke any outstanding tokens, and you can then run firebase login again to re-authenticate yourself.

answered Aug 12 '16 at 01:58

Michael Bleigh

25,334
2
79
85

Thanks for the answer, but chose ravi's because it was more complete – Qiming Aug 15 '16 at 16:27

How to list all active firebase ci tokens, or revoke them all

2 Answers2

Linked