What is the recommended way to deal with multiple users on the same device?

[eliw00d]

It seems as though registration tokens are unique only to the installed app and so some additional consideration has to be given for apps that allow multiple users. I have been trying to find best practices using Firebase Cloud Messaging as far as this goes but curious if anyone here has any?

One idea I have seen is to delete the token on log out, but that doesn't seem to guarantee the token will be new for the next user.

Another idea I have seen is to use data-only notifications and check the userId against the logged in user's id. However, if the current user does not match, the intended user does not get a notification even when they log in next (although this could be stored somehow to force a local notification when that happens).

Also, in general, once a token has been registered, if a user logs out they would still get notification messages unless their token was unregistered.

[mikehardy]

I was under the impression that invalidating a token worked? Doing that on logout should be a valid way to stop a stream of messages for a previously registered / cloud-stored token from continuing to go to the device

[eliw00d]

Using messaging().deleteToken or invalidating it in my own system? I thought I read somewhere that deleting a token did not guarantee the next time getToken was called it would be new.

Looking at the docs I see that getToken has the following signature:

getToken(authorizedEntity?: undefined | string, scope?: undefined | string): Promise<string>;

Could authorizeEntity and scope be used to ensure the token is unique to a user?

[mikehardy]

I would be careful with scoping and test it carefully, I recall something about scoping not being handled consistently or maybe not correctly in all cases - that is incredibly vague and I apologize but the suggestion of very careful testing of all cases is valid at least. I mean calling the delete token API yes, I was under the impression it did invalidate a token. I suppose that bears testing