Is it possible to validate a firebase token (JWT) from server (Java)

Tags: , , , ,



Browser Client – Uses Firebase to sign in and has the firebase userid, token in the local storage.

{
  "typ": "JWT",
  "alg": "HS256"
}
{
  "v": 0,
  "d": {
    "provider": "password",
    "uid": "xxxxd757-5f7f-xx0c-adb1-xxe8ce77d3a0"
  },
  "iat": 1460560833
} 

When the browser calls the server – a REST API end point , the token is passed as a Request header.

Now, the server is configured with a Firebase Secret.

My question: is it possible to validate the firebase issued token at the server side? the server is not used for authentication (the user name /pass validation is done via firebase api from browser).

Answer

Yes it is possible. There are many libraries out there for working with JSON Web Tokens in Java. This is one example: https://github.com/jwtk/jjwt



Source: stackoverflow