Linked Questions

Popular Questions

What is the difference between doing this

 [Authorize]
  private static async Task<IResult> InsertEmpresa(HttpContext httpContext)
  {
    Console.WriteLine("Teste InsertEmpresa");
    return Results.Ok();
  }

and verifying the firebase token using this?

var auth = FirebaseAdmin.Auth.FirebaseAuth.DefaultInstance;
await auth.VerifyIdTokenAsync(request.Token);

I also have this on my Program.cs:


builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options =>
{
    options.Authority = "https://securetoken.google.com/PROJECT-ID";
    options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = "https://securetoken.google.com/PROJECT-ID",
            ValidateAudience = true,
            ValidAudience = "PROJECT-ID",
            ValidateLifetime = true            
        };
});

Shouldn't the IssuerSigningKey be informed too? If not, how does it know the token is valid?

I'm not sure I'm doing it right.

Related Questions