i have an cordova App , when user login new "app registrationId" is sent to server and is saved in database for further use (when app user receive a message from someone else ) , however when user logout i want to clear all pending message in gcm , so that if another user login he doesn't receive Previous user notifications.
is there any way to do this in GCM ? or my scenario is totally wrong !?
thanks.
A registration token corresponds to a single app instance (tied to the device) and not to a single user specifically.
I've also searched around about this topic before and the usual solution is for you to have a user identifier included in your payload, let's say a userid. Then in your client app, you must check if the userid matches the one who is currently logged-in. If true, show the notification, else, disregard the message.
With this, if a different user is logged-in and a push was sent to that specific registration token, your app will handle it and will not show any details not for the corresponding user.
However, this means that only if the original user is logged-in will your app be showing a notification.
Anyways, it's still a valid workaround for the behavior you're aiming for. Hope that makes sense. Cheers!
Related
I am implementing push notification in my app after having it for IOS for a while.
Use case: I have user login, and accounts stored on our servers. I only want to send push notifications when a user is logged in, and only for the user currently logged in. Notifications are targeted to the individual user.
To do this, i fetch the token using
FirebaseInstanceId.getInstance().getToken()
, send push token to our server when user logs in, and remove it on logout.
Everything works as far as registering token, sending the token etc., HOWEVER, there could be scenarios where this doesn't work, for example if a user logs out with flight mode, so our server still has the token and thinks it should still send them.
On IOS, there are two local functions, register/unregisterforremotenotifications, that basically turns notifications on/off, regardless of whether my server could be contacted. I can call these on login/logout, and IOS won't show any remote notifications for my app, and i'm safe.
However, with Firebase, i can send the token to the server on login -
for logout, however, its more complex since there's no "local" system-function to call that i can find.
The best thing i've figured out, is to always send a 'Data' notification,
as described in this question,
so that my notification service always gets called, even in the background, and there check if i am logged in, and not show the notification if i'm not.
However, the notification for the wrong user will still be sent to the phone, and it's a risk, for example if i, god forbid would have a bug... or the notification gets logged somewhere in the system.
Sooo, my question is if there's any way to disable notifications on logout via Firebase?
I hope this makes sense, thoughts much appreciated!
Yes, what you do is you create your own Login and Logout APIs.
In your Login you should be storing your Token for PUSH notifications.
then whatever data triggers need to PUSH do a loop and build a push for known registered tokens.
On logout, simply delete that token from your Database and the loop will no longer include it for PUSH. You are correct using DATA tag will only work in foreground, but could be for wrong user that is correct.
If you do not have a backend, then please provide more clarity as to where/how you are storing and using your tokens to PUSH so I can help you further.
I have done this exact scenario to avoid wrong person getting push, but I support foreground and background on my scenario, so only logout or expired token will disable the PUSH on my app.
There are two ways:-
Your app supports multi user login at the same time scenarios :-
You can probably store the device token in share preferences with a boolean flag , when user relaunch the app , check if the flag for deletion is set then you can try deregistering from the service on server.
If it fails then again you can do the same , so it would be something like checking boolean flag for account deletion on every app launch to make sure it deregister.
Your app supports single usr:-
You can simply delete firebase instance Id before signing into the account. This would take care of the scenario where a different user had signed out offline and you were not able to de register from your service.
You can also handle scenarios when to show notification based on accountId or user Id of the signed in user.
Is there a way to create a registration id with scope of logged in user. I have an app which allows user to login as different user (say one user as student and other as a parent). User can switch between the users. Case is somewhat similar to gmail app where multiple email ids can be logged in at same time.
The issue is when we call
FirebaseInstanceId.getInstance().getToken()
It will give the device id for that app instance. So if i am to target a specific user logged in i cannot.
One way i can accomplish targeting a user is to send user_id explicitly as data, which in my case is not efficient as it will take to send one FCM send request for each user. Is there anyway this can be accomplished. Would like to know how gmail is handling user specific notifications.
Token (reg id) is intended to represent a mobile device.
As you've said you can send in payload or in tags which user the push notification is destined to, check if it is the same as the current logged in user and decide whether to create the notification or not.
The only problem here may be, how to identify the current user if at the moment of push arrival your application is killed or all users are logged out. I think in this case the solution depends on privacy level of the pushed data.
I know this has been discussed before, but the only solution I found (canonical IDs) don't work in my scenario.
Scenario:
User installs App and registers with his user account A
User gets push notifications meant to be delivered to this specific user account A
User uninstalls the app
User reinstalls the app
User registers with a different user account B
Now notifications are delivered for both user accounts. From my understanding, using cannonical GCM Reg IDs would only consolidate those IDs and prevent sending duplicate notifications. In this case the App gets notifications for a different user that shouldn't be delivered at all.
Is there any fix for that? Only thing I can think of would be actively deregistering when uninstalling the app, but in another thread I read, it's not possible to execute code on deinstallation.
From my understanding, using cannonical GCM Reg IDs would only consolidate those IDs and prevent sending duplicate notifications.
That's one way of looking at it, but on a simpler note, Canonical IDs are like saying "old ID you used is expired, delete it (if you saved it) and use me instead".
The thing that makes this a bit odd is that, when the user uninstalls the app, the InstanceID should be invalidated. (see the docs here).
What I think you can do to make sure that tokens are deleted, you can call deleteInstanceId() to revoke all tokens, then re-register.
But to make sure that the message is for the intended user, you can refer to what is stated in the docs (first one similar to what #Ak9637 said):
To make sure that messages go to the intended user:
The app server can maintain a mapping between the current user and the registration token.
The client app can then check to ensure that messages it receives match the logged in user.
You can simply check ,when registering in your tokens database,when u receive token of user B , just check if it is already associated with any user or not, if it is simply nullify that field and save the new token to new user.
As token identifies the device not the user.
If you wish to take total autonomy and control of notifications related to your app, You should use data notifications instead of message notifications , this will avoid the OS handling the notifications instead of your app
I want to store FCM token in my android app user's table in database when user register to the app . When i want to send notification to specific user then i will fetch Token from corresponding row and send push notification.But i am confused that whenever app user logout from his app and register new account from same device ,then there will be two row and hence two Token for same device on database. How to handle such case? What happen to old Token in device? please anyone can help me??
The Instance ID token used to send FCM messages represents the instance of and app on a device. The current user of the app would not affect the token that represents the app instance. Uninstalling and reinstalling the app would cause a new token to be generated but not for in app behaviour like switching users.
You should still remove the mapping of the token to the user on logout and add a new mapping with the same token to the user that logs in but it will be the same token.
I probably feel this may help you,
When user logs out clear his device token and make him Logout so that he won't be able to receive the updates and hence only one user at a time can get the updates
I'm currently implementing GCM into an application with login system. I wanted to send notification to the application based on the user that logged in to the application (one device, multiple user). I go through these processes.
Login as "user A"
Register GCM (get Registration ID) send to server side
Broadcast Notification out to user A
Logout un-register
Login as "user B"
Register GCM (get Registration ID -occasionally get back same registration ID with user A, sometimes return as different registration ID-)
GCM push notification to user A (even if the user un-register)
I'm not sure how to let the application identify the user that logged in to the device and push notification to that specific user only. Instead of user B logged in and get user A's notification. Any comments and answers will be highly appreciated! If you need check on specific codes from my project, please do let me know.
The registration ID identifies a specific application on a specific device. It has no knowledge on log-in of users within your application. Therefore, when you un-register GCM (when user logs out), you should call your server to let it know that the user logged out.
This will let your server know that this user is logged out, and the server will stop sending GCM messages to it.
It doesn't matter if you get the same registration ID after user A logs out and user B logs in (even if you get a new registration ID, the old one may still work. That's why GCM returns a canonical registration ID when the device has more than one registration ID for the application).
EDIT :
Lets consider the special scenario (which should be relatively rare) where user A logs out after your server sent it a notification but the notification gets delivered by Google to your application only after user B logs in. The safest way to handle this case is to receive the notification in your application and discard it, showing nothing to user B. In order to know when to discard a received notification you can add a user property to your notification data with the user name as its value. When you handle the notification in the app, check that the user property matches the logged in user before displaying the notification.