verifyIdToken method

  1. @override
Future<DecodedIdToken> verifyIdToken(
  1. String idToken, {
  2. bool checkRevoked = false,
})

Verifies a Firebase ID token (JWT). If the token is valid and its tenant_id claim matches this tenant's ID, the returned Future is completed with the token's decoded claims; otherwise, the Future is rejected with an error.

idToken - The ID token to verify. checkRevoked - Whether to check if the ID token was revoked. If true, verifies against the Auth backend to check if the token has been revoked.

Returns a Future that resolves with the token's decoded claims if the ID token is valid and belongs to this tenant; otherwise, a rejected Future.

Implementation

@override
Future<DecodedIdToken> verifyIdToken(
  String idToken, {
  bool checkRevoked = false,
}) async {
  final decodedClaims = await super.verifyIdToken(
    idToken,
    checkRevoked: checkRevoked,
  );

  // Validate tenant ID.
  if (decodedClaims.firebase.tenant != tenantId) {
    throw FirebaseAuthAdminException(
      AuthClientErrorCode.mismatchingTenantId,
      'The provided token does not match the tenant ID.',
    );
  }

  return decodedClaims;
}