70

I want to know what will happen to the users of my app that I used anonymous sign in method for them.

The Firebase documentation is really BAD and didn't explain everything and expect developer to find out himself. I found in its old version documentation that anonymous session will expires based on the expiration time has been set in Login & Auth tab, but even there didn't mention this means just the session ends or it means that user id will remove also from my app users list or what EXACTLY happened?

I found this answer but it really is not acceptable. The number of anonymous users will grow very very fast if you do a web app and make every thing hard. I even cannot see the number of my app users in my dashboard!!!!! So, what should i do? should i develop a dashboard for my data myself or Firebase team should do it? At least for managing users i should have more power than just searching user with their email and when you use custom login you cannot do this also.

Improve this question
1
  • 11
    This is an excellent question that I would also like an answer to. I have 1000+ anonymous users stacked up because I can't user email/password with my app. I need anonymous. I have 22 ACTUAL users, yet 1000+ of these dang user IDs.
    – Ryan
    Oct 5, 2016 at 20:49

5 Answers 5

Reset to default
40

Anonymous users don't expire, and there isn't currently any automated way to purge them.

Firebase doesn't automatically remove them because it doesn't really know if a user is still storing data linked to that login - only the app creator does. Imagine if you are playing a puzzle game on your phone, and get to level 100. Then when you go to play level 101 next year, all progress is lost. Firebase can't just assume a user being inactive for a year means that the account can be removed.

There is a couple tools that should help, though.

1) Admin SDK & Firebase CLI list users.

2) Linking multiple auth providers

3) Auth State Persistence

Once you list your users, you can check that each doesn't have any other providers, and hasn't been used recently, doesn't have data stored, and delete them.

Better, though, would be to ensure that only one account is created per user. If you create an anonymous account to help users store data before logging in, you may want to consider prompting them to link a auth provider (like Google or email). If you link the account, rather than creating a new one, you'll avoid abandoned accounts from active users.

In general, you will also want to make sure to use auth state persistence to ensure that there aren't more accounts than necessary being created. Creating 1 account per new visitor, rather than 1 per time someone repeatedly visits your page, will significantly help keep user growth in check.

Improve this answer
1
  • should I refresh the id_token using the refresh token to avoid creating new anonymous users ? Thanks
    – Ninja Dev
    Jun 4, 2022 at 12:09
14

In my case, I am using the anonymous sign-in method for authentication without the knowledge of the user. Each time when the user leaves the app, delete the anonymous user by - 

FirebaseAuth.getinstance().currentuser?.delete()

There will be no stacking up of anonymous user with this and limits the number of anonymous user in the app

Improve this answer
3
  • 8
    This is assuming that the app is actually closed correctly. In the event that the app crashes, those users' anonymous accounts will not be removed.
    – rolznz
    Feb 6, 2021 at 13:18
  • 1
    I actually landed up here searching the benefit of authenticating a user anonymously. I wish to know in your case what is the advantage of authenticating the user at all? How is it different from not authenticating the user and keeping it public. (I have a similar req where none of the anonymous user is ever expected to be converted to any other provider. Unable to find any justification for using anonymous authentication)
    – saurabh
    May 12, 2022 at 13:04
  • 1
    if you have an authenticated account (even anonymous ones), then you can take advantage of security rules that require an authenticated account to access the database. That's the only reason.
    – Eric
    Nov 23, 2022 at 1:22
4

2024: Firebase has automatic clean up now.

If you've upgraded your project to Firebase Authentication with Identity Platform, you can enable automatic clean-up in the Firebase console. When you enable this feature you allow, Firebase to automatically delete anonymous accounts older than 30 days. In projects with automatic clean-up enabled, anonymous authentication will not count toward usage limits or billing quotas.

Any anonymous accounts created after enabling automatic clean-up might be automatically deleted any time after 30 days post-creation. Anonymous accounts created before enabling automatic clean-up will be eligible for automatic deletion starting 30 days after enabling automatic clean-up. If you turn automatic clean-up off, any anonymous accounts scheduled to be deleted will remain scheduled to be deleted. These accounts do not count toward usage limits or billing quotas. If you "upgrade" an anonymous account by linking it to any sign-in method, the account will not get automatically deleted. If you want to see how many users will be affected before you enable this feature, and you've upgraded your project to Firebase Authentication with Identity Platform, you can filter by is_anon in Cloud Logging.

Docs

Improve this answer
1
  • 1
    Hi thanks for sharing this! I'm curious if this is also applied to "active" anonymous accounts, as in anonymous user who is actively using the app within that 30 days period. It's quite common to see users who continue to use the service without connecting any account especially in mobile apps, and I wouldn't want their account to be suddenly deleted. I read the docs but there's no statement that it counts last active time into the calculation so I assume it would also delete anonymous account that is highly active even on the 29th day?
    – Dangular
    Dec 31, 2022 at 3:10
0

There is a possible cloud function for that. Check: delete-unused-accounts-cron

This function deletes unused accounts after a certain time. Which might be also helpfull for nonanonymous users.

If you only want to delete anonymous users or check only for them (for example delete after a different inactive time than normal users) you can identify them by checking:

const inactiveUsers = result.users.filter(
        user => {
            isAnonymous = user.providerData.length == 0;
            //do something when anonymous
        });
Improve this answer
1
  • 1
    The provider id for an anonymous user is "firebase", which results in size of user.providerData > 0, so your "isAnonymous" check won't work I assume.
    – JacksOnF1re
    Feb 27, 2023 at 15:17
-5

If you'd like anonymous users to be removed from your user list, you'll have to write a service to do that for you.

Since firebase doesn't provide a way to list registered users, you'll have to make sure you're storing some sort of user list in the database. You can then use the node.js admin sdk to get user data, check if the user is anonymous, and find when the user was created. For performance reasons, you may wish to store this information in a special area of your database and retrieve it all at once. Once you've identified a stale anonymous user they can be easily deleted.

Improve this answer
5
  • This is deleting the problem.
    – Ali
    Feb 20, 2017 at 7:49
  • What are you hoping would happen to anonymous users?
    – nloewen
    Feb 20, 2017 at 16:04
  • I should be able to manage my users easily, whether it's anonymous or not. For users maybe i can set an expiry time after that delete.
    – Ali
    Feb 21, 2017 at 6:09
  • 1
    You'll have to use the admin API if you're looking for more functionality than what the Firebase console provides.
    – nloewen
    Feb 21, 2017 at 14:29
  • 3
    Firebase auth already has a "Signed In" value with last signed in timestamp, If a login is inactive for more than x days, delete it
    – Kumar
    Feb 14, 2018 at 16:31

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Not the answer you're looking for? Browse other questions tagged or ask your own question.