Ad

Validate Firebase Access Token?

When I generate a token using createCustomToken from Firebase admin sdk, how can I verify that is the valid token without using the SDK again?

I assumed its a valid OAuth token but I can not find the signing key and therefore check the integrity. I use Firebase Auth for storing the token and the admin sdk.

Ad

Answer

Custom Tokens created with the Firebase admin SDK are signed using a service account. In the default setting the service account email has the form [email protected]<YOUR_PROJECT_ID>.iam.gserviceaccount.com.

Under https://www.googleapis.com/robot/v1/metadata/x509/<service account email> you will find the corresponding public keys.

See also https://firebase.google.com/docs/auth/admin/create-custom-tokens

Ad
source: stackoverflow.com
Ad