mevdschee/php-crud-api

firebase jwt public key rotation

Speedy0197 opened this issue · 5 comments

Hi,

I managed to set up everything with firebase jwt.
Unfortunately the public keys from https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com seem to rotate once per week.
Am I supposed to swap them once per week or am I missing something?

Thanks for this great project.

I think you can request the latest over https at the start of the script (and cache it 24 hours if you are worried about performance).

Do you mean adjust the code to use the secrets from the https call? Or is there some option I am not seeing?

I am just a bit confused, because in your documentation you mention firebase, but nothing about that.

> Do you mean adjust the code to use the secrets from the https call?

Yes, grab them from the URL (using file_get_contents), put them in a PHP variable that you use in the configuration.

see: https://github.com/mevdschee/php-crud-api?tab=readme-ov-file#configure-and-test-jwt-authentication-with-firebase

thanks, that seems to work:

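```php
// Fetch the current public keys: a JSON map of key id => certificate.
$jsonString = file_get_contents("https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com");
$json = ($jsonString === false) ? null : json_decode($jsonString, true);
if (!is_array($json) || count($json) === 0) {
    // Stop here instead of configuring an empty key list.
    throw new RuntimeException("Could not load the Firebase public keys");
}
// Build the "keyid:certificate,keyid:certificate" string.
$secrets = "";
foreach ($json as $key => $value) {
    $secrets = $secrets.$key;
    $secrets = $secrets.":";
    $secrets = $secrets.$value;
    $secrets = $secrets.",";
}
$secrets = rtrim($secrets, ",");

// Then, in the configuration array:
//     'jwtAuth.secrets' => $secrets,
```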

is there an easy way to buy you a coffee?

> is there an easy way to buy you a coffee?

No, but you can donate something to https://unicef.org
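
The 24-hour caching suggested earlier in the thread, combined with the key-string building from the posted snippet, as an added example that is not code from this thread or from php-crud-api. The function names `buildSecrets` and `firebaseSecrets`, the injectable `$fetch` callable and the cache file path are assumptions made for illustration.

```php
<?php
const FIREBASE_CERT_URL = 'https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com';
// Hypothetical helper: turn the JSON map (key id => PEM certificate) into "kid:cert,kid:cert", or null if malformed.
function buildSecrets(string $jsonString): ?string
{
    $json = json_decode($jsonString, true);
    if (!is_array($json) || count($json) === 0) {
        return null;
    }
    $pairs = [];
    foreach ($json as $kid => $pem) {
        // A key id containing ':' or ',' would corrupt the list; a value that is not a certificate is rejected.
        if (!is_string($pem) || preg_match('/[:,\s]/', (string) $kid) || strpos(ltrim($pem), '-----BEGIN CERTIFICATE-----') !== 0) {
            return null;
        }
        $pairs[] = $kid . ':' . $pem;
    }
    return implode(',', $pairs);
}
// Hypothetical helper. Keep $cacheFile outside the web root, writable only by the PHP user: whoever can write it picks the trusted keys.
function firebaseSecrets(string $cacheFile, int $ttl = 86400, ?callable $fetch = null): string
{
    $fetch = $fetch ?? function () {
        $ctx = stream_context_create(['http' => ['timeout' => 5]]);
        return @file_get_contents(FIREBASE_CERT_URL, false, $ctx);
    };
    $cached = is_file($cacheFile) ? file_get_contents($cacheFile) : false;
    if ($cached !== false && $cached !== '' && time() - filemtime($cacheFile) < $ttl) {
        return $cached; // fresh cache, no network call
    }
    $body = $fetch();
    $secrets = is_string($body) ? buildSecrets($body) : null;
    if ($secrets !== null) {
        $tmp = $cacheFile . '.' . getmypid() . '.tmp';
        file_put_contents($tmp, $secrets); // write, then rename, so readers never see a partial file
        rename($tmp, $cacheFile);
        return $secrets;
    }
    if ($cached !== false && $cached !== '') {
        return $cached; // fetch failed: reuse the last validated keys; tokens signed by newer keys are rejected
    }
    throw new RuntimeException('No Firebase public keys available'); // fail closed
}
// Offline demo with a constructed response (placeholder text, not a real certificate) and a demo-only temp path.
$sample = json_encode(['kid1' => "-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n"]);
$secrets = firebaseSecrets(sys_get_temp_dir() . '/firebase-demo.cache', 86400, function () use ($sample) { return $sample; });
// 'jwtAuth.secrets' => $secrets,
```

In real use, call `firebaseSecrets()` with only the cache path so the default fetcher requests the URL over HTTPS, and remove the demo lines at the end.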