Using NodeJS, how can I verify the JWT (idToken) provided by Firebase Auth, without Firebase Admin SDK?
1 Answers
14
Following the doc on how to verify ID tokens, it is possible using any JWT library and grabbing the public key from Google API's website.
```javascript
import jwt from 'jsonwebtoken';
import request from 'request';
import { promisify } from 'util';

const rp = promisify(request);

// Fetch Google's current signing certificates, keyed by key ID (kid).
const response = await rp('https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com');
const publicKeys = JSON.parse(response.body);

const verifyIdToken = idToken => {
  // Read the (still unverified) header only to find out which key signed the token.
  const header64 = idToken.split('.')[0];
  const header = JSON.parse(Buffer.from(header64, 'base64').toString('ascii'));
  // Verify the signature with the matching certificate, accepting RS256 only.
  return jwt.verify(idToken, publicKeys[header.kid], { algorithms: ['RS256'] });
};
```

anni
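The securetoken signing keys are shared by all Firebase projects, so a valid signature alone does not show that a token was issued for your project. The sketch below is an added example, not part of the answer above: it uses Node's built-in `crypto` instead of `jsonwebtoken` and adds the `aud`, `iss`, `sub`, `exp` and `iat` checks that the Firebase documentation lists next to the signature check. The helper `makeDemo`, the project ID `my-project`, the key ID `demo-kid` and the locally generated key pair (standing in for Google's certificate) are constructed for the demonstration.

```javascript
const crypto = require('node:crypto');

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Returns the verified claims, or throws. publicKeys maps kid -> PEM
// (the shape of Google's certificate endpoint response).
function verifyFirebaseIdToken(idToken, publicKeys, projectId, now = Math.floor(Date.now() / 1000)) {
  const parts = String(idToken).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = dec(h);
  // Pin the algorithm; never let the token choose it.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const pem = publicKeys[header.kid];
  if (typeof pem !== 'string') throw new Error('unknown kid');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), pem, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  // Only now is the payload trustworthy enough to inspect.
  const c = dec(p);
  if (c.aud !== projectId) throw new Error('wrong aud');
  if (c.iss !== `https://securetoken.google.com/${projectId}`) throw new Error('wrong iss');
  if (typeof c.sub !== 'string' || c.sub === '') throw new Error('missing sub');
  if (typeof c.exp !== 'number' || c.exp <= now) throw new Error('expired');
  if (typeof c.iat !== 'number' || c.iat > now) throw new Error('iat in future');
  return c;
}

// Constructed demo data: a throwaway RSA key signs a token locally so the
// check runs offline. Real tokens are signed by Google, not by your code.
function makeDemo(projectId, overrides = {}, now = 1700000000) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const keys = { 'demo-kid': publicKey.export({ type: 'spki', format: 'pem' }) };
  const claims = {
    aud: projectId,
    iss: `https://securetoken.google.com/${projectId}`,
    sub: 'uid-123',
    iat: now - 60,
    exp: now + 3600,
    ...overrides,
  };
  const input = `${enc({ alg: 'RS256', kid: 'demo-kid', typ: 'JWT' })}.${enc(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url');
  return { keys, token: `${input}.${sig}` };
}
```

In production the key map should be refetched when the endpoint's `Cache-Control` `max-age` runs out, since the signing keys rotate.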