Firebase JWT tokens

[davidmartos96]

Would it be possible to add support for validation of Firebase generated auth JWT tokens?
Unfortunately those tokens are not always generated with the same private key, so to verify them, the public key needs to be fetched at run time.

I'm not sure if there would be a way to implement this in a general way for other providers, but Firebase being one of the most popular BaaS, it might be worth adding a special way of handling it to simplify the auth flow.

More information here:

https://firebase.google.com/docs/auth/admin/verify-id-tokens?hl=en#verify_id_tokens_using_a_third-party_jwt_library

[alco]

Hey @davidmartos96 👋

Thanks for the request! I've converted it from an issue to a discussion.

To your point, Firebase implements the JWK standard by including kid in the JWT header and providing an endpoint where its public keys can be fetched from. As a matter of fact, we have an internal issue for implementing key lookup at runtime. So this capability can work in a generic fashion and support not only Firebase but other providers that follow the RFC.

VAX-690 is the relevant internal issue.

[davidmartos96]

@alco I didn't know about JWK, thanks for the information! Glad to hear it is being considered

[KyleAMathews]

👋 we've been working the last month on a rebuild of the Electric server over at a temporary repo https://github.com/electric-sql/electric-next/

You can read more about why we made the decision at https://next.electric-sql.com/about

We're really excited about all the new possibilities the new server brings and we hope you'll check it out soon and give us your feedback.

We're now moving the temporary repo back here. As part of that migration we're closing all the old issues, PRs, and discussions. We really appreciate you taking the time to start this discussion! If it's still relevant in the new system, please reopen.