How To Verify Firebase ID tokens using a third-party JWT library?

jwt.io provides a page to help verify Firebase ID Token

Firebase ID tokens on clients

When a user or device successfully signs in, Firebase creates a corresponding ID token that uniquely identifies them and grants them access to several resources, such as Firebase Realtime Database and Cloud Storage. You can re-use that ID token to identify the user or device on your custom backend server. To retrieve the ID token from the client, make sure the user is signed in and then get the ID token from the signed-in user.

(Reference: https://firebase.google.com/docs/auth/admin/verify-id-tokens )

Firebase ID token example

The above screenshot shows an example of Firebase Id Token (JWT) decoded by jwt.io

How to verify using jwt.io?

1) Paste Firebase Id Token and get the kid value

2) Go to GoogleApis website and find the matching certificate value

(https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com)

3) Copy and paste the certificate value (in plain text without "\n") to jwt.io website

4) You shall get the Signature Verification Status. (it means the token is verified as a true message that comes from firebase)

NEXT: Verify Firebase ID Token Using Google Apps Script and JSRASIGN JWT LIBRARY

201704, 20170423, JWT, FIREBASE