maylukas / rust_jwk_example

JSON Web Key authentication with Rocket (Rust)
https://medium.com/@maylukas/firebase-token-authentication-in-rust-a1885f0982df

Public Key Refresh #1

Closed conways-glider closed 4 years ago

conways-glider commented 4 years ago

The Firebase Auth Public Key needs to be refreshed based on the max-age field of the Cache-Control header, but it is only ever fetched once - it may be worth it to add the keys to the Global state of the app and add that to the tutorial.

See here: https://firebase.google.com/docs/auth/admin/verify-id-tokens#verify_id_tokens_using_a_third-party_jwt_library

maylukas commented 4 years ago

@fluffy-samurai Hi Nia, yes that's true. Thanks for the hint!

It will only be a problem though if Google somehow gets their Firebase private keys leaked which would be pretty embarrassing for them 😄

I will see how to implement this and update the post accordingly. Will do it sometime next week

conways-glider commented 4 years ago

Thank you so much!

maylukas commented 4 years ago

@fluffy-samurai I added periodic update of keys based on the Cache-Control header.

conways-glider commented 4 years ago

@maylukas Thank you! This seems very clear to me!
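The refresh rule discussed in this issue, as an added example that is not code from this thread or from the repository: it parses `max-age` out of a `Cache-Control` value and refuses to hand out keys once that lifetime has passed. The names `parse_max_age`, `KeyCache` and `FALLBACK_TTL`, the 60-second fallback, the sample header and the key id are assumptions made for illustration.

```rust
use std::time::{Duration, Instant};

/// Extract `max-age` (seconds) from a Cache-Control header value.
/// Returns None when the directive is absent or malformed, so the caller
/// falls back to a short default instead of caching the keys forever.
fn parse_max_age(cache_control: &str) -> Option<Duration> {
    cache_control.split(',').find_map(|directive| {
        let (name, value) = directive.trim().split_once('=')?;
        if !name.trim().eq_ignore_ascii_case("max-age") {
            return None; // e.g. s-maxage or any other directive
        }
        value.trim().parse::<u64>().ok().map(Duration::from_secs)
    })
}

/// Assumed default lifetime when the response carries no usable max-age.
const FALLBACK_TTL: Duration = Duration::from_secs(60);

/// Fetched key ids plus the instant after which they must be re-fetched.
/// A real store would hold the key material too and live in shared app
/// state (for example behind an RwLock) so every request sees the refresh.
struct KeyCache {
    kids: Vec<String>,
    expires_at: Instant,
}

impl KeyCache {
    fn from_response(kids: Vec<String>, cache_control: Option<&str>, now: Instant) -> Self {
        let ttl = cache_control.and_then(parse_max_age).unwrap_or(FALLBACK_TTL);
        KeyCache { kids, expires_at: now + ttl }
    }

    fn is_stale(&self, now: Instant) -> bool {
        now >= self.expires_at
    }

    /// Never verify against expired keys: a stale cache yields nothing,
    /// which forces the caller to re-fetch before checking a signature.
    fn lookup(&self, kid: &str, now: Instant) -> Option<&str> {
        if self.is_stale(now) {
            return None;
        }
        self.kids.iter().map(String::as_str).find(|k| *k == kid)
    }
}

fn main() {
    let now = Instant::now();
    let header = "public, max-age=19204, must-revalidate, no-transform"; // constructed sample
    let cache = KeyCache::from_response(vec!["kid-a".to_string()], Some(header), now);
    println!("fresh: {:?}", cache.lookup("kid-a", now));
    println!("after max-age: {:?}", cache.lookup("kid-a", now + Duration::from_secs(19204)));
}
```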