firebase-edge-auth
Firebase token decoder for edge runtimes
;
// CommonJS/ES-module interop prelude: flags the module as a transpiled ES
// module and pre-declares both exports before the functions are assigned.
Object.defineProperty(exports, "__esModule", { value: true });
exports.decodeFirebaseToken = exports.fetchPublicKeys = void 0;
// jose supplies importX509 and jwtVerify, the only two members this file calls.
const jose_1 = require("jose");
// X.509 certificate endpoint for securetoken@system.gserviceaccount.com.
// getPublicKey indexes the parsed response by `kid` and hands the value to
// importX509, so the body is treated as a map of key ID -> certificate.
const FIREBASE_PUBLIC_KEYS_URL = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com";
// Module-level cache of the most recently fetched key set. It starts out as a
// plain object, so inherited property names are reachable on it as well.
let publicKeys = {};
// Date.now() value (ms) recorded by the last successful fetch; 0 = never fetched.
let lastFetchTime = 0;
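/**
 * Download the current signing certificates and replace the module cache.
 *
 * The response is the trust anchor for every later signature check, so it is
 * validated before it is allowed to replace the cached key set: a body that is
 * not a JSON object is rejected and the previous cache (and its timestamp)
 * stay untouched.
 *
 * @returns {Promise<void>} Resolves once `publicKeys` and `lastFetchTime` are updated.
 * @throws {Error} When the HTTP status is not OK or the body is not a JSON object.
 */
async function fetchPublicKeys() {
  const response = await fetch(FIREBASE_PUBLIC_KEYS_URL);
  if (!response.ok) {
    throw new Error("Failed to fetch Firebase public keys");
  }
  const body = await response.json();
  // A `null`, array or scalar body would make the Object.keys() call in
  // getPublicKey throw (or yield an unusable cache) while the fresh timestamp
  // suppresses any refetch for an hour.
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    throw new Error("Failed to fetch Firebase public keys");
  }
  // Copy into a prototype-less object and keep string values only, so that
  // lookups by the token-supplied `kid` cannot resolve to inherited members.
  const keys = Object.create(null);
  for (const [kid, certificate] of Object.entries(body)) {
    if (typeof certificate === "string") {
      keys[kid] = certificate;
    }
  }
  publicKeys = keys;
  lastFetchTime = Date.now();
}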
exports.fetchPublicKeys = fetchPublicKeys;
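/**
 * Resolve the verification key for the `kid` named in a token header.
 *
 * Refreshes the module-level certificate cache when it is empty or older than
 * one hour, then imports the matching X.509 certificate as an RS256 key.
 *
 * @param {string} kid - Key ID read from the JWT header, i.e. before the
 *   signature has been checked.
 * @returns {Promise<*>} The key object returned by jose's importX509.
 * @throws {Error} When the key set cannot be fetched or holds no entry for `kid`.
 */
async function getPublicKey(kid) {
  const cacheIsStale = Date.now() - lastFetchTime > 3600000;
  if (cacheIsStale || Object.keys(publicKeys).length === 0) {
    await fetchPublicKeys();
  }
  // `kid` is untrusted input here. The `in` operator also matches inherited
  // names such as "constructor" or "toString", so only an own, string-valued
  // entry counts as a cached certificate.
  const hasOwnEntry = Object.prototype.hasOwnProperty.call(publicKeys, kid);
  if (!hasOwnEntry || typeof publicKeys[kid] !== "string") {
    throw new Error("Public key not found");
  }
  // NOTE(review): the fixed one-hour TTL does not follow the response's
  // Cache-Control max-age, so a key rotated in after the last fetch is
  // reported as "not found" until the cache expires. A refetch-on-miss would
  // need rate limiting, since unknown `kid` values are caller-controlled.
  return await (0, jose_1.importX509)(publicKeys[kid], "RS256");
}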
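/**
 * Verify a Firebase ID token and return its claims.
 *
 * Despite the name this is a verification, not a bare decode: the signature is
 * checked against the certificate selected by the header's `kid`, and the
 * `aud` / `iss` claims must match the given project.
 *
 * @param {string} token - Compact JWT as received from the client.
 * @param {string} projectId - Firebase project ID the token must be issued for.
 * @returns {Promise<object>} The verified JWT payload.
 * @throws {Error} "projectId must be a non-empty string" on a missing project
 *   ID; "Invalid Firebase token" for every verification failure, with the
 *   underlying error attached as `cause`.
 */
async function decodeFirebaseToken(token, projectId) {
  // jose skips the audience check when the option is falsy, so an empty or
  // missing project ID must never reach jwtVerify. Reported separately because
  // it is a configuration fault, not a bad token.
  if (typeof projectId !== "string" || projectId.length === 0) {
    throw new Error("projectId must be a non-empty string");
  }
  try {
    const resolveKey = async (header) => {
      if (!header.kid) {
        throw new Error("No 'kid' claim in token header");
      }
      return getPublicKey(header.kid);
    };
    const { payload } = await (0, jose_1.jwtVerify)(token, resolveKey, {
      // Pin the algorithm explicitly instead of relying on the imported key
      // type alone; other `alg` values are rejected before key resolution.
      algorithms: ["RS256"],
      audience: projectId,
      issuer: `https://securetoken.google.com/${projectId}`,
    });
    // Firebase's documented ID-token checks require a non-empty `sub` (the
    // user's uid); callers typically key authorization decisions on it.
    if (typeof payload.sub !== "string" || payload.sub.length === 0) {
      throw new Error("Missing or empty 'sub' claim");
    }
    return payload;
  } catch (error) {
    // The message stays generic for callers; `cause` lets logs tell a forged
    // or expired token apart from a key-fetch outage.
    throw new Error("Invalid Firebase token", { cause: error });
  }
}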
exports.decodeFirebaseToken = decodeFirebaseToken;