firebase-id-tokens-verifier icon indicating copy to clipboard operation
firebase-id-tokens-verifier copied to clipboard

Published 20 hours ago verified publisher icon soulfly

possible error in documentation

Open demoze opened this issue 6 years ago • 4 comments

Hello,

May be you have an error here

# valid_public_keys = FirebaseIDTokenVerifier.retrieve_and_cache_jwt_valid_public_keys
# kid = valid_public_keys.keys[0]
# rsa_public = OpenSSL::X509::Certificate.new(kid).public_key


It should be 
# valid_public_keys = FirebaseIDTokenVerifier.retrieve_and_cache_jwt_valid_public_keys
# val =  valid_public_keys.values[0]
# rsa_public = OpenSSL::X509::Certificate.new(val).public_key

demoze avatar Mar 26 '18 14:03 demoze

You mean in this line? https://github.com/soulfly/firebase-id-tokens-verifier/blob/master/verifier.rb#L181

soulfly avatar Mar 27 '18 11:03 soulfly

Yes

demoze avatar Mar 27 '18 15:03 demoze

We need to use .values[0] instead of .keys[0] https://github.com/soulfly/firebase-id-tokens-verifier/pull/3

duleorlovic avatar Dec 11 '18 12:12 duleorlovic

For me I had to use the second certificate rather than the first, I'm not clear on why there are two certificates being returned by the google link

public_key = OpenSSL::X509::Certificate.new(valid_public_keys[valid_public_keys.keys[1]]).public_key

EDIT

This is the correct approach I think, I hadn't realized the kid is part of the claim sent through from the client. I guess this is how you know which certificate is to be used. Still not sure why there are two, possibly for different algorithms?

public_key = OpenSSL::X509::Certificate.new(valid_public_keys[kid]).public_key

bars0um avatar Dec 01 '19 17:12 bars0um