I have an issue where users whose JWT tokens have expired are still receiving FCM notifications after being automatically logged out.
The problem is the JWT expires and the user is logged out when they open the app and request the backend API which does jwt.verify. But FCM notifications can be sent without opening the app.
For example, if the JWT expires after 1 minute when the user logs in, and the user doesn't open the app again for 1 hour/1 day, their FCM token is still active because there was no logout action since they logged in.
So when a notification is sent, and the user opens it, they get redirected to the app and are automatically logged out. But they shouldn't have received the notification in the first place.
How can I prevent users with expired JWTs from receiving FCM notifications after automatic logout? Any suggestions would be appreciated!
I have an issue where users whose JWT tokens have expired are still receiving FCM notifications after being automatically logged out.
The problem is the JWT expires and the user is logged out when they open the app and request the backend API which does jwt.verify. But FCM notifications can be sent without opening the app.
For example, if the JWT expires after 1 minute when the user logs in, and the user doesn't open the app again for 1 hour/1 day, their FCM token is still active because there was no logout action since they logged in.
So when a notification is sent, and the user opens it, they get redirected to the app and are automatically logged out. But they shouldn't have received the notification in the first place.
How can I prevent users with expired JWTs from receiving FCM notifications after automatic logout? Any suggestions would be appreciated!