Is it possible to validate Firebase's authToken every time my Swift app makes a request?

Question

I'm developing a backend for my iOS and Mac app. I used Firebase Auth UI to set up Apple login. I'm validating authToken on login in PHP. What's the best way to protect other endpoints? Is it possible to validate Firebase's $authToken on every request? I'm thinking about whether I should create my own application token or use the one provided by Firebase.

P粉545218185 · Answer

Since ID tokens are immutable and valid until their expiration date, many backends for Firebase decode and validate the ID token obtained from Firebase and then cache the result - using (hash value) ID token as the key and the decoded token as the value. This allows them to check on each call whether the decoded ID token is still valid/not expired without having to decode it every time (which is a more expensive operation).

Is it possible to validate Firebase's authToken every time my Swift app makes a request?

reply all(1)I'll reply