Is it possible to validate Firebase's authToken every time my Swift app makes a request?
P粉037215587
2023-07-30 16:37:18
<p>I'm developing a backend for my iOS and Mac apps. I used Firebase AuthUI to set up Apple Sign In. I'm validating authToken on login in PHP. What is the best way to securely protect other endpoints? Is it possible to validate Firebase's $authToken on every request? <br /><br />I'm wondering if I should always use my own appToken or use Firebase's authToken. </p><p><br /></p>
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
Since ID tokens are immutable and valid until their expiration date, many backends for Firebase decode and validate the ID token obtained from Firebase and then cache the result - using (hash value) ID token as the key and the decoded token as the value. This allows them to check on each call whether the decoded ID token is still valid/not expired without having to decode it every time (which is a more expensive operation).