Firebase VerifyToken

अजयसिन्हः

Jan 13, 2021, 7:18:06 PM
to Quarkus Development mailing list
Hi all,

I have a quasar app with a firebase jwt token sent to it for authentication. I am trying to use smallrye but continue to get a 401.

This is what my application properties look like:
mp.jwt.verify.issuer = https://securetoken.google.com/<firebase-project-id>
quarkus.smallrye-jwt.enabled=true


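My rest controller looks like this:

import javax.annotation.security.PermitAll;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.SecurityContext;
import org.eclipse.microprofile.jwt.JsonWebToken;

@Path("/secured")
@RequestScoped
public class AuthTokenInject {

    // Token parsed from the Authorization header by smallrye-jwt
    @Inject
    JsonWebToken jwt;

    @GET
    @Path("permit-all")
    @PermitAll
    @Produces(MediaType.TEXT_PLAIN)
    public String hello(@Context SecurityContext ctx) {
        // Debug output: security context and the issuer claim of the token
        System.out.println("?????????????????" + ctx);
        System.out.println("?????????" + jwt.getIssuer());
        return "done";
    }
}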


Can anyone help me how to get this done correctly?

Thanks
Ajay

Sergey Beryozkin

Jan 14, 2021, 4:54:30 AM
to sir...@gmail.com, Quarkus Development mailing list
Hi

We've started a conversation on Zulip so let's continue there

thanks Sergey



aks

Jan 14, 2021, 6:56:42 AM
to Quarkus Development mailing list
Hi,
what I meant was, from the public key url, we get two keys with id
{
  e08b4734b616a41aafa92cee5cc87b762df64fa2: "key1",
  5f9712a08731720d66fd4a2a592e4dfc2b5de595: "key 2 "
}


However, the token that I created from the java firebase-admin sdk version 7.1.0:

FileInputStream serviceAccount = new FileInputStream("/path/to/serviceAccount");
FirebaseOptions options = FirebaseOptions.builder()
        .setCredentials(GoogleCredentials.fromStream(serviceAccount))
        .setDatabaseUrl("https://123.firebaseio.com")
        .build();
if (FirebaseApp.getApps().isEmpty()) { FirebaseApp.initializeApp(options); }
var token = FirebaseAuth.getInstance().createCustomToken("123");

The token created above does not have a key id to select one of the public keys from the url. The token header only has
{"alg":"RS256"}.

So how do we know which public key to use without kid in the header?

Does it make sense?
Thanks
aks

Sergey Beryozkin

Jan 14, 2021, 7:12:36 AM
to sir...@gmail.com, Quarkus Development mailing list
As I said in our discussion - this is a custom Firebase store format containing two certificates. What this id is is not known, it may be a cert thumbprint or may be not. The headers you posted show that no certificate thumbprint is set in the token, so the only options for smallrye-jwt are to 1) support that custom store format (maybe it is right just to let the users register the custom key resolvers) or 2) iterate over all the certificates, which is not great.

Let's continue our Zulip thread, it is better to keep the discussion in one place
Thanks, Sergey
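
Option 2 from the reply above (iterating over every published key when the token header carries no kid), as an added example that is not part of the thread and is not smallrye-jwt's code. The class name KidlessKeyResolver, the key ids and the generated RSA keys are constructed stand-ins; only JDK classes are used.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class KidlessKeyResolver {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();

    // Returns the id of the first key that verifies the token, or empty if none does.
    static Optional<String> resolve(String jwt, Map<String, PublicKey> keys) throws GeneralSecurityException {
        String[] p = jwt.split("\\.");
        if (p.length != 3) return Optional.empty();
        String header = new String(DEC.decode(p[0]), StandardCharsets.UTF_8);
        // Pin the algorithm (crude string match to stay dependency-free; fails closed).
        if (!header.contains("\"alg\":\"RS256\"")) return Optional.empty();
        byte[] signed = (p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII);
        byte[] sig = DEC.decode(p[2]);
        for (Map.Entry<String, PublicKey> e : keys.entrySet()) {
            Signature v = Signature.getInstance("SHA256withRSA");
            v.initVerify(e.getValue());
            v.update(signed);
            try {
                if (v.verify(sig)) return Optional.of(e.getKey());
            } catch (SignatureException ignored) { /* malformed for this key: try next */ }
        }
        return Optional.empty();
    }

    static String sign(String header, String payload, PrivateKey key) throws GeneralSecurityException {
        String input = ENC.encodeToString(header.getBytes(StandardCharsets.UTF_8)) + "."
                + ENC.encodeToString(payload.getBytes(StandardCharsets.UTF_8));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(input.getBytes(StandardCharsets.US_ASCII));
        return input + "." + ENC.encodeToString(s.sign());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair k1 = g.generateKeyPair(), k2 = g.generateKeyPair(), other = g.generateKeyPair();
        Map<String, PublicKey> published = new LinkedHashMap<>(); // constructed stand-ins, placeholder ids
        published.put("key-id-1", k1.getPublic());
        published.put("key-id-2", k2.getPublic());
        String header = "{\"alg\":\"RS256\"}", payload = "{\"uid\":\"123\"}"; // no kid, as in the thread
        System.out.println(resolve(sign(header, payload, k2.getPrivate()), published));    // signed by a published key
        System.out.println(resolve(sign(header, payload, other.getPrivate()), published)); // signed by an unknown key
    }
}
```

The cost is one RSA verification per candidate key for every token, and issuer, audience and expiry checks still have to run after a key matches.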
