I've set up Firebase for frontend authentication and I am sending the ID token, which is a JWT, to my Phoenix backend.
I am now stuck trying to verify the JWT.
Google's instructions regarding the matter are here. TL;DR: grab the publicly accessible certificate and use it to verify that the JWT signature was signed with the correct private key.
I have this so far:
    def verify(token) do
      {:ok, resp} = HTTPoison.get(@cert_url)
      %{body: body} = resp
      body = Poison.Parser.parse!(body, %{})
      {:ok, header} = Joken.peek_header(token)
      cert = body[header["kid"]]
    end
I'm lost there. Do I need to convert the public certificate to a public key? How do I create a Joken.Signer with RS256 signing algorithm and the public certificate? I am open to solutions that don't use Joken as well.
Thank you!
2 Answers
vql8enpb1#
A slightly more idiomatic version of @fetching_water's solution that uses more pattern matching and uses hackney instead of HTTPoison:
nwlls2ji2#
I found the JOSE library :D
To finish up the code…
Elixir code can probably be cleaned up ^_^
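An added example, not code from either answer: one way to verify the token with JOSE, pinning the algorithm to RS256 and then applying the claim checks from Firebase's ID-token documentation. The module name `FirebaseToken`, the project ID `demo-project` and the locally generated key (standing in for the key map that `JOSE.JWK.from_firebase/1` builds from the certificate JSON) are assumptions for the demo.

```elixir
Mix.install([:jose, :jason])

defmodule FirebaseToken do
  # `keys` is a map of kid => JOSE.JWK, e.g. JOSE.JWK.from_firebase(body), where
  # `body` is the decoded JSON fetched from the certificate URL in the question.
  def verify(token, keys, project_id, now \\ System.system_time(:second)) do
    with %JOSE.JWS{fields: %{"kid" => kid}} <- JOSE.JWT.peek_protected(token),
         {:ok, jwk} <- Map.fetch(keys, kid),
         # Pin the algorithm: the token's own header must not choose it.
         {true, %JOSE.JWT{fields: claims}, _jws} <-
           JOSE.JWT.verify_strict(jwk, ["RS256"], token),
         :ok <- check_claims(claims, project_id, now) do
      {:ok, claims}
    else
      {:error, reason} -> {:error, reason}
      _ -> {:error, :invalid_token}
    end
  end

  # A valid signature is not enough: the token must be for this project and current.
  defp check_claims(claims, project_id, now) do
    issuer = "https://securetoken.google.com/" <> project_id

    cond do
      claims["aud"] != project_id -> {:error, :bad_audience}
      claims["iss"] != issuer -> {:error, :bad_issuer}
      not is_integer(claims["exp"]) or claims["exp"] <= now -> {:error, :expired}
      not is_integer(claims["iat"]) or claims["iat"] > now -> {:error, :issued_in_future}
      claims["sub"] in [nil, ""] -> {:error, :missing_subject}
      true -> :ok
    end
  end
end

# Constructed demo data: a locally generated key and a self-issued token.
jwk = JOSE.JWK.generate_key({:rsa, 2048})
now = System.system_time(:second)
claims = %{"aud" => "demo-project", "iss" => "https://securetoken.google.com/demo-project",
           "sub" => "uid-123", "iat" => now - 10, "exp" => now + 3600}
{_, token} = JOSE.JWT.sign(jwk, %{"alg" => "RS256", "kid" => "k1"}, claims) |> JOSE.JWS.compact()
keys = %{"k1" => JOSE.JWK.to_public(jwk)}
other = %{"k1" => JOSE.JWK.generate_key({:rsa, 2048})}

{:ok, %{"sub" => "uid-123"}} = FirebaseToken.verify(token, keys, "demo-project")
{:error, :bad_audience} = FirebaseToken.verify(token, keys, "other-project")
{:error, :invalid_token} = FirebaseToken.verify(token, other, "demo-project")
```

In a real backend the certificate JSON should be cached and refreshed according to the response's `Cache-Control` header rather than fetched on every request.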