I am authenticating my users with Firebase, and using the token exchange API to retrieve a Tapkey token.
The issue I am having is that the Firebase certificate to authenticate the token expires regularly, as explained on the Firebase website:
"Finally, ensure that the ID token was signed by the private key corresponding to the token's kid claim. Grab the public key from https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com and use a JWT library to verify the signature. Use the value of max-age in the Cache-Control header of the response from that endpoint to know when to refresh the public keys."
The max age for the current Firebase certificates is 22963 seconds (as I am writing this, just over 6 hours) and the process to upload a new public key to Tapkey is a manual one.
I'm considering writing a script to download a new certificate when the old ones expire, and extract the public key. Does Tapkey have an API endpoint I could use to post my updated public key to, or is there another approach I can take here?
Thanks
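
The refresh rule in the quoted Firebase text, sketched as an added example that is not part of the original post and is not Firebase or Tapkey code: it caches the `kid` to certificate map until `max-age` elapses and refetches early, at a limited rate, when a token names an unknown `kid`. `CertCache`, `parse_max_age`, `fetch_certs` and `MIN_REFETCH` are hypothetical names; extracting the public key and handing it to Tapkey are out of scope here.

```python
import json
import re
import time
import urllib.request

CERT_URL = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com"
MIN_REFETCH = 60  # assumed value: seconds between refetches triggered by an unknown kid

def fetch_certs(url=CERT_URL):
    """Return ({kid: PEM certificate}, Cache-Control header value) from the endpoint."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp), resp.headers.get("Cache-Control", "")

def parse_max_age(cache_control):
    """Extract max-age in seconds from a Cache-Control value; 0 if absent."""
    m = re.search(r"(?:^|,)\s*max-age\s*=\s*(\d+)", cache_control, re.I)
    return int(m.group(1)) if m else 0

class CertCache:
    """Caches signing certificates for as long as the endpoint's max-age allows."""
    def __init__(self, fetch=fetch_certs, clock=time.time):
        self._fetch, self._clock = fetch, clock
        self._certs, self._fetched_at, self._expires_at = {}, 0.0, 0.0
        self.refreshes = 0

    def _refresh(self):
        certs, cache_control = self._fetch()
        self._certs = dict(certs)
        self._fetched_at = self._clock()
        self._expires_at = self._fetched_at + parse_max_age(cache_control)
        self.refreshes += 1

    def cert_for(self, kid):
        """Return the PEM certificate for a token's kid, refreshing when stale."""
        now = self._clock()
        stale = now >= self._expires_at
        # An unknown kid may mean early rotation; the rate limit stops tokens
        # carrying made-up kids from forcing a fetch on every request.
        rotated = kid not in self._certs and now - self._fetched_at >= MIN_REFETCH
        if stale or rotated:
            self._refresh()
        if kid not in self._certs:
            raise KeyError(f"no certificate published for kid {kid!r}")
        return self._certs[kid]
```
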