Closed conways-glider closed 4 years ago
@fluffy-samurai Hi Nia, yes that's true. Thanks for the hint!
It will only be a problem though if Google somehow get's their Firebase private keys leaked which would be pretty embarrassing for them 😄
I will see how to implement this and update the post accordingly. Will do it sometime next week
Thank you so much!
@fluffy-samurai I added periodic update of keys based on the Cache-Control header.
@maylukas Thank you! This seems very clear to me!
The Firebase Auth Public Key needs to be refreshed based on
max-age
field of theCache-Control
header, but it is only ever fetched once - it may be worth it to add the keys to the Global state of the app and add that to the tutorial.See here: https://firebase.google.com/docs/auth/admin/verify-id-tokens#verify_id_tokens_using_a_third-party_jwt_library