3

After a successful sign-in to Firebase we received a JWT token.

In order to add authorization to my ASP.NET app, I tried to add JwtBearerAuthentication to my middleware.

I have tried the following JwtBearerOptions:

    var options = new JwtBearerOptions
    {
        Audience = "myApp",
        Authority = "https://securetoken.google.com"
    };

and

    var options = new JwtBearerOptions
    {
        Audience = "myApp",
        Authority = "https://securetoken.google.com/myApp"
    };

Unfortunately this is not working. My Authority URL is probably incorrect.

Does anyone know which Authority URL is correct?

2 Answers

4

The JWT validation needs to be manual: source

The following code validates the FirebaseToken (JWT):

    using System;
    using System.IdentityModel.Tokens.Jwt;
    using System.Linq;
    using System.Net.Http;
    using System.Security.Cryptography.X509Certificates;
    using Microsoft.IdentityModel.Tokens;
    using Newtonsoft.Json.Linq;

    // Download the signing certificates from Google (JSON object: key id -> PEM certificate)
    HttpClient client = new HttpClient();
    var jsonResult = client.GetStringAsync("https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com").Result;

    // Convert the JSON result into (kid, certificate) pairs
    var x509Metadata = JObject.Parse(jsonResult)
                        .Children()
                        .Cast<JProperty>()
                        .Select(i => new x509Metadata(i.Path, i.Value.ToString()));

    // Extract the IssuerSigningKeys (materialized once so the certificates are parsed only once)
    var issuerSigningKeys = x509Metadata.Select(s => s.X509SecurityKey).ToList();

    // Set up the JwtSecurityTokenHandler and validate signature, audience and issuer.
    // user.FirebaseToken is the ID token received from the client; ValidateToken throws if validation fails.
    var handler = new JwtSecurityTokenHandler();
    SecurityToken token;
    handler.ValidateToken(user.FirebaseToken, new TokenValidationParameters
    {
        IssuerSigningKeys = issuerSigningKeys,
        ValidAudience = "myApp",
        ValidIssuer = "https://securetoken.google.com/myApp",
        IssuerSigningKeyResolver = (rawToken, securityToken, kid, parameters) => issuerSigningKeys
    }, out token);

    public class x509Metadata
    {
        public string KID { get; set; }
        public string Certificate { get; set; }
        public X509SecurityKey X509SecurityKey { get; set; }

        public x509Metadata(string kid, string certificate)
        {
            KID = kid;
            Certificate = certificate;
            X509SecurityKey = BuildSecurityKey(Certificate);
        }

        private X509SecurityKey BuildSecurityKey(string certificate)
        {
            // Remove -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----;
            // Convert.FromBase64String ignores the remaining line breaks.
            var key = certificate
                .Replace("-----BEGIN CERTIFICATE-----", string.Empty)
                .Replace("-----END CERTIFICATE-----", string.Empty);

            return new X509SecurityKey(new X509Certificate2(Convert.FromBase64String(key)));
        }
    }

0

Firebase publishes JWKs with standard format here:

https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com

(though they don't mention it in the docs)

I found this information here: https://github.com/cfworker/cfworker/issues/89#issuecomment-748422827

2 Comments

As it’s currently written, your answer is unclear. Please edit to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers in the help center.
This does not provide an answer to the question. Once you have sufficient reputation you will be able to comment on any post; instead, provide answers that don't require clarification from the asker. - From Review
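
Added example, not part of either answer: the manual validation from the first answer, with the keys loaded from the JWK endpoint named in the second answer through `JsonWebKeySet`, and the accepted algorithm pinned to RS256. It assumes a recent System.IdentityModel.Tokens.Jwt package; the class name, `constructed-kid`, and the locally generated key and tokens are made up so the check runs without network access.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Net.Http;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Tokens;

public static class FirebaseTokenCheck   // hypothetical name
{
    const string JwkUrl =
        "https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com";

    // Live path: download the current key set (cache the result, the keys rotate).
    public static async Task<JsonWebKeySet> FetchKeysAsync(HttpClient http) =>
        new JsonWebKeySet(await http.GetStringAsync(JwkUrl));

    // Throws a SecurityTokenException subclass when any check fails.
    public static ClaimsPrincipal Validate(string idToken, string projectId, JsonWebKeySet keys) =>
        new JwtSecurityTokenHandler().ValidateToken(idToken, new TokenValidationParameters
        {
            IssuerSigningKeys = keys.GetSigningKeys(),                 // matched to the token by "kid"
            ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 },  // refuse any other "alg"
            ValidIssuer = "https://securetoken.google.com/" + projectId,
            ValidAudience = projectId,
            RequireSignedTokens = true,
            RequireExpirationTime = true,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromMinutes(1)
        }, out _);

    public static void Main()
    {
        // Constructed RSA key and tokens (not Google's) so the check runs offline.
        using var rsa = RSA.Create(2048);
        var signer = new SigningCredentials(
            new RsaSecurityKey(rsa) { KeyId = "constructed-kid" }, SecurityAlgorithms.RsaSha256);
        var publicKey = new RsaSecurityKey(rsa.ExportParameters(false)) { KeyId = "constructed-kid" };
        var keys = new JsonWebKeySet();
        keys.Keys.Add(JsonWebKeyConverter.ConvertFromRSASecurityKey(publicKey));

        string Issue(string audience) => new JwtSecurityTokenHandler().WriteToken(new JwtSecurityToken(
            "https://securetoken.google.com/myApp", audience,
            new[] { new Claim("sub", "constructed-uid") },
            DateTime.UtcNow, DateTime.UtcNow.AddMinutes(5), signer));

        Validate(Issue("myApp"), "myApp", keys);
        Console.WriteLine("token for myApp accepted");
        try { Validate(Issue("otherApp"), "myApp", keys); }
        catch (SecurityTokenInvalidAudienceException) { Console.WriteLine("wrong audience rejected"); }
    }
}
```

In a real service, call `FetchKeysAsync` once, reuse the returned set across requests, and refresh it when a token arrives with an unknown `kid`.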
