I'm developing an Android app that involves Firebase Cloud Messaging. My messages consist of notifications with data payload, and are sent to the Firebase server by means of a node.js script. This setup is very similar to what is explained in this Firebase blog, but one difference is that I do not make use of topic subscription, but rather send my messages directly to a user, identified by the Firebase InstanceID token. I keep track of this token for each user in my Firebase database.

This setup works, but when a user logs out my Android app (for example because another user wants to log on using the same device), I have to prevent receiving notifications for the user that just logged off.

I was planning to get a new token when a user logs on:

FirebaseInstanceId.getInstance().getToken();

and release it when that user logs off. However, this is the point where I got lost. In the documentation, I found the command to delete the token:

public void deleteToken (String authorizedEntity, String scope)

but I can't figure out what the strings "authorizedEntity" and "scope" should contain. Can someone point me in the right direction, or am I on the wrong track altogether by deleting tokens (I could hardly find any related questions, which surprised me)?

The Firebase Instance ID token identifies an installed instance of your application. Trying to change its meaning is a recipe for headaches.

You should not use it to identify a user. So unless the user uninstalls the app (in which case the token is automatically deleted), you should not try to delete the token when the user logs out.

If you want to stop sending notifications to a user-on-a-device once they sign out, you should track that in your database: "user A is using token B".

UserTokens
  UserA: "tokenB"

Then you can clear that data when the user signs out: "user A is no longer using a token".

UserTokens
  UserA: ""

Then when user B signs in to the same app on the same device, they'd get the same token:

UserTokens
  UserB: "tokenB"