Reputation: 1902
Using firebase jwt to authenticate users to external server\service?
Okay so in my iOS app I log the user into firebase, then get the jwt token. So now I have my server with an api which accepts an idtoken in the header of the GET.
What do I do here? Certainly I wouldn't be validating the JWT againt firebase on every single API call right? I mean its fast, but that adds latency with a second external check, no? How does one simply just decode that guy in C#? I have an Auth0 layer already and that decodes the JWT with my server-stored secret, but that same code doesn't work for the Firebase token.
Could it just be decoded then extract the user details from that, maybe just check expiry and if expiry > X months it's still okay?
Upvotes: 0
Views: 492
Answers (1)
Reputation: 30798
In order to verify Firebase ID tokens and JWTs in general, you only make a network call on your server to get the public certs which are usually not updated for several hours. You could cache that and try to verify with an ID token and if it fails, only then, load the new public certs.
And yes, you must verify the ID token on each call especially since Firebase ID tokens expire after typically an hour and need to be refreshed continuously.
Upvotes: 2
Related Questions
- Obtaining/using Firebase JWT
- Understanding how firebase handles signing In with JWT
- Firebase JWT to django credential login
- Can I use jwt tokens with Firebase?
- Firebase token verification on server
- How can a firebase auth token be send to a external server?
- Using Firebase for server side authentication
- Can I use my own custom authentication service in Firebase?
- Authenticate Firebase JWT token on server running NGINX + Node.JS
- Firebase - using credentials to authenticate a server with the DB