Is jsonwebtoken able to validate Firebase Auth token ? #44

Closed
hugues31 opened this issue Nov 25, 2017 · 4 comments

@hugues31

Hello,
I'm trying to figure out how to validate a JWT issued by the Firebase Auth service.
I tried this code, with no luck:

```rust
let private_key = "-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgk******3sPj2xm0C\nl76YeEQy0+BJqSvNq5Z05g==\n-----END PRIVATE KEY-----\n";
let mut validation = Validation::new(Algorithm::RS256);
let header = decode_header(&token).unwrap();
eprintln!("Token  header: {:?}", header);

let token = decode::<Claims>(&token, private_key.as_ref(), &validation);
eprintln!("Token : {:?}", token.unwrap());
```

And Claim struct:

```rust
#[derive(Debug, Serialize, Deserialize)]
struct Claims {
    sub: String
}
```

The header is correctly parsed, but the claim cannot be verified (InvalidSignature). Since I'm new to this, maybe I did something wrong. Can someone help me, please?

@Keats
Owner

Keats commented Nov 25, 2017

The private key needs to be in DER format; there are some notes on how to convert PEM -> DER here: https://github.com/Keats/jsonwebtoken/blob/master/tests/notes.md

And for decoding you probably want to use the public key, not the private one.

@hugues31
Author

hugues31 commented Nov 25, 2017

Thanks for your answer :) I read that part and converted my key, but I end up with:
private_rsa_key.der:

How can this work?
I'll give it a try with the public key and update my post accordingly, thanks!

@Keats
Owner

Keats commented Nov 25, 2017

(Hopefully it's not a private key in use you've posted, otherwise you need to change it).

DER format is binary; here's an example of how to encode/decode tokens using RSA: https://github.com/Keats/jsonwebtoken/blob/master/tests/rsa.rs#L15-L19

@hugues31
Author

hugues31 commented Nov 26, 2017

No, I cropped the key haha. Thanks for your help, I'll try with that.
EDIT: So my problem is that the public keys are here https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com and are formatted in JSON. So I created a PEM file like this: public_key_rsa.pem

-----BEGIN CERTIFICATE-----…-----END CERTIFICATE-----

But I cannot run the command you quote in the readme because I don't have the private keys. Later, I read that DER files are just base64-decoded PEM files. So I decoded the base64 above with an online service, copy/pasted it into a public_key_rsa.der file and used it in my code with the include_bytes macro, but it still does not work. Any idea why?
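
The thread turns on the PEM/DER relationship: PEM is base64 text between BEGIN/END lines, and DER is the binary it encodes. The sketch below is an added example, not code from this thread or from the jsonwebtoken project; `b64_decode`, `pem_to_der` and `SAMPLE_PEM` are hypothetical names and constructed data. It does the conversion in code and returns the PEM label, which shows what kind of structure the bytes hold.

```rust
// Added example (std only). SAMPLE_PEM is constructed: a toy 8-byte DER
// SEQUENCE, not a real certificate or key.
const SAMPLE_PEM: &str =
    "-----BEGIN CERTIFICATE-----\nMAYCAQEC\nAQM=\n-----END CERTIFICATE-----\n";

/// Decode standard base64, skipping whitespace and stopping at '=' padding.
fn b64_decode(text: &str) -> Result<Vec<u8>, String> {
    const ALPHABET: &[u8] =
        b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    let (mut out, mut acc, mut bits) = (Vec::new(), 0u32, 0u32);
    for c in text.bytes().filter(|c| !c.is_ascii_whitespace()) {
        if c == b'=' {
            break;
        }
        let v = ALPHABET.iter().position(|&a| a == c)
            .ok_or_else(|| format!("invalid base64 byte 0x{:02x}", c))?;
        acc = (acc << 6) | v as u32;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1 << bits) - 1; // keep only the leftover low bits
        }
    }
    Ok(out)
}

/// Split one PEM block into (label, DER bytes). The label says what the DER
/// holds: "CERTIFICATE" is a whole X.509 certificate, while a bare key is
/// labelled "PUBLIC KEY" or "RSA PUBLIC KEY".
fn pem_to_der(pem: &str) -> Result<(String, Vec<u8>), String> {
    let start = pem.find("-----BEGIN ").ok_or("no BEGIN line")? + 11;
    let label_len = pem[start..].find("-----").ok_or("unterminated BEGIN line")?;
    let label = &pem[start..start + label_len];
    let body_start = start + label_len + 5;
    let end = pem[body_start..].find(&format!("-----END {}-----", label))
        .ok_or("no matching END line")?;
    let der = b64_decode(&pem[body_start..body_start + end])?;
    // Every DER-encoded key or certificate is an ASN.1 SEQUENCE (tag 0x30).
    if der.first() != Some(&0x30) {
        return Err("decoded body is not a DER SEQUENCE".into());
    }
    Ok((label.to_string(), der))
}

fn main() {
    let (label, der) = pem_to_der(SAMPLE_PEM).expect("sample parses");
    println!("{}: {} DER bytes, first byte 0x{:02x}", label, der.len(), der[0]);
}
```

Write the returned bytes to disk with `std::fs::write` rather than pasting decoded output through a text editor, since DER is binary and does not survive text handling.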
