Firebase ID tokens on clients
When a user or device successfully signs in, Firebase creates a corresponding ID token that uniquely identifies them and grants them access to several resources, such as Firebase Realtime Database and Cloud Storage. You can re-use that ID token to identify the user or device on your custom backend server. To retrieve the ID token from the client, make sure the user is signed in and then get the ID token from the signed-in user.(Reference: https://firebase.google.com/docs/auth/admin/verify-id-tokens )
Firebase ID token example
The above screenshot shows an example of Firebase Id Token (JWT) decoded by jwt.ioHow to verify using jwt.io?
1) Paste Firebase Id Token and get the kid value
2) Go to GoogleApis website and find the matching certificate value
3) Copy and paste the certificate value (in plain text without "\n") to jwt.io website
FURTHER READING:
https://www.sitepoint.com/php-authorization-jwt-json-web-tokens/
https://www.quora.com/How-can-I-validate-the-JWT-token-in-PHP
No comments:
Post a Comment