Misunderstanding in the Firebase's token verification

0
votes

I want to verify Firebase's token on the server side using this third party library in the C++. But I have some misunderstanding: For the token validation I need to provide public and private keys, Firebase says that:

Must correspond to one of the public keys listed at https://www.googleapis.com/robot/v1/metadata/x509/[email protected]

But when I opened the link, I could not find public and private keys which I should pass for token verifying.

So, how can I get public and private keys for token verifying?

1
firebaseencryptioncryptographyfirebase-authenticationrsa

1 Answers

1
votes

You just need the public key to verify a Firebase ID token and jwt in general. That link contains the public keys json object (let's call it publicKeysObject). You get the "kid" field in the JWT header and then get the public key as follows: publicKeysObject[kidFromJWT]

Check the Firebase Admin node.js SDK open sourced implementation for details: https://github.com/firebase/firebase-admin-node/blob/master/src/auth/token-generator.ts