07 February 2020

Authenticating Firebase JWT Tokens

Door: Sem Postma

There might be circumstances where you would want to verify if a certain user is authenticated with firebase.

You don’t need the firebase admin module to verify and decode firebase JWT tokens. In the example below you can find a full implementation of this. I’m only using the default node.js modules http, https and crypto.

Example response JSON

{
    "data": {
        "iss": "https://securetoken.google.com/<project_id>",
        "aud": "<project_id>",
        "auth_time": 1581009428,
        "user_id": "9jnxi9kmz76ajnc4do47emrk8s1s",
        "sub": "9jnxi9kmz76ajnc4do47emrk8s1s",
        "iat": 1581082417,
        "exp": 1581086017,
        "email": "[email protected]",
        "email_verified": true,
        "firebase": {
            "identities": {
                "email": [
                    "[email protected]"
                ]
            },
            "sign_in_provider": "password"
        }
    }
}

You can optionally check if the “iss” value is equal to “https://securetoken.google.com/<project_id>” to ensure the user is signed in with a specific firebase project.

Facebook Twitter Google+ Tumblr E-Mail Pinterest LinkedIn Reddit XING WhatsApp Hacker News VK Telegram