Skip to main content

Module certs

Module certs 

Source
Expand description

Fetching and caching Google’s X.509 signing certificates used to verify Firebase session cookies.

Session cookies are verified against a different key set than ID tokens: https://www.googleapis.com/identitytoolkit/v3/relyingparty/publicKeys, which returns a flat { "<kid>": "<PEM-encoded X.509 certificate>" } object rather than a JWK Set. This was confirmed by inspecting both the official Node.js and Python Admin SDKs (COOKIE_CERT_URI / ID_TOKEN_CERT_URI in token-verifier.ts / _token_gen.py) and by fetching the endpoint directly, since a Firebase-Admin-SDK-agnostic RS256 JWK Set is also published for ID tokens at a different URL and it would be easy to wrongly assume both token types share one key set.

Structs§

SessionCookieCertCache
Fetches and caches the X.509 certificates Google publishes for verifying Firebase session cookies.