Firebase 服务器端 verifyIdToken() 在幕后做了什么?
What does Firebase server side verifyIdToken() do under the hood?
我正在考虑使用 Firebase 来执行 identity verification. I am new to JWT, so my apologies if this is an obvious question, but I don't understand how the verification is actually done. It seems that FirebaseAuth.getInstance().verifyIdToken(idToken) works asynchronously, as the result is obtained via a listener. I understand that some certificates are used as described ,并且这些证书会定期轮换。这是否意味着我的后端服务器和 Firebase 服务器的 每次 时间我将调用 verifyIdToken() 之间需要联网?是不是有问题?
为了验证 Firebase ID 令牌,需要检索 Firebase Auth public 证书(网络请求),这些证书会定期轮换。这些是确保 Id 令牌未被篡改所必需的。首先解析 JWT,检查加密令牌的算法以查看它是否与预期匹配,然后使用获得的 public 密钥验证签名,最后验证 JWT 声明以确保令牌未过期.
我正在考虑使用 Firebase 来执行 identity verification. I am new to JWT, so my apologies if this is an obvious question, but I don't understand how the verification is actually done. It seems that FirebaseAuth.getInstance().verifyIdToken(idToken) works asynchronously, as the result is obtained via a listener. I understand that some certificates are used as described verifyIdToken() 之间需要联网?是不是有问题?
为了验证 Firebase ID 令牌,需要检索 Firebase Auth public 证书(网络请求),这些证书会定期轮换。这些是确保 Id 令牌未被篡改所必需的。首先解析 JWT,检查加密令牌的算法以查看它是否与预期匹配,然后使用获得的 public 密钥验证签名,最后验证 JWT 声明以确保令牌未过期.