I have a profile tab in which a user can press edit and edit their profile. I only want to require their password if I have to. So wanted to know how long is how many milliseconds of a user being signed in makes it not a recent login, in which firebase will throw the error "auth/requires-recent-login" when editing a users account? new Date(Date.parse(firebase.auth().currentUser.metadata.lastSignInTime)).getTime() Will give me an approximation of the last login (in milliseconds within 2000 milliseconds). I just want to know at what time should I ask the user to reauthenticate?
Firebase Authentication sign-ins are permanent There is no specific time-out on the authentication of a user, so you should not ask them to re-authenticate based (only) on the expiration time.
The only you should ask the user to re-authenticate is when you perform an action in the code that requires recent authentication and it fails with a auth/requires-recent-login error code.
For example, this is how FirebaseUI detects the error upon user deletion:
firebase.auth().currentUser.delete().catch(function(error) {
if (error.code == 'auth/requires-recent-login') {
// The user's credential is too old. She needs to sign in again.