Firebase Verify Token

Firebase Verify Token

A Dart/Flutter plugin to verify Firebase JWT tokens, supporting multiple Firebase projects across any platform.

Pub Version Pub Likes Pub Points GitHub license

πŸ“± Supported Platforms

Android iOS macOS Web Linux Windows
βœ”οΈ βœ”οΈ βœ”οΈ βœ”οΈ βœ”οΈ βœ”οΈ

πŸ” Overview

firebase_verify_token_dart verifies Firebase JWT tokens entirely in Dart without relying on backend services. It performs:

  • βœ… Project ID validation against a whitelist
  • βœ… Issuer check to ensure token is from Firebase
  • βœ… Expiration check
  • βœ… JWT structure validation

βš™οΈ Installation

Add the dependency:

dependencies:
  firebase_verify_token_dart: ^latest

Then run:

flutter pub get

πŸš€ Quick Start

1. Import the package

import 'package:firebase_verify_token/firebase_verify_token.dart';

2. Initialize with your Firebase project IDs

FirebaseVerifyToken.projectIds = [
  'project-id-1',
  'project-id-2',
];

πŸ” Token Verification

βœ… Basic Verification

final isValid = await FirebaseVerifyToken.verify('your-firebase-jwt-token');

if (isValid) {
  // Token is valid
}

🧠 With Callback (for project ID and duration)

await FirebaseVerifyToken.verify(
  'your-firebase-jwt-token',
  onVerifySuccessful: ({required bool status, String? projectId, int? duration}) {
    if (status) {
      print('Valid token for project: $projectId in ${duration}ms');
    } else {
      print('Invalid token (checked in ${duration}ms)');
    }
  },
);

πŸ“˜ API Reference

Method Description
Future<bool> FirebaseVerifyToken.verify(String token, { void Function({required bool status, String? projectId, int? duration})? onVerifySuccessful }) Verifies the JWT token and optionally provides project ID and verification duration.
String FirebaseVerifyToken.getUserID(String token) Extracts the user ID (sub claim) from a JWT without verifying it.
String? FirebaseVerifyToken.getProjectID(String token) Extracts the Firebase project ID (aud claim) from a JWT without verifying it.

πŸ”„ Complete Example

import 'package:firebase_verify_token/firebase_verify_token.dart';

void main() async {
  // Set your Firebase project IDs
  FirebaseVerifyToken.projectIds = ['cbes-c64d6', 'test-1'];

  // Sample Firebase JWT token
  const token = 'eyJhbGciOiJSUzI1NiIsImtpZCI6ImE4Z...'; // shortened for clarity

  // Verify the token with callback
  await FirebaseVerifyToken.verify(
    token,
    onVerifySuccessful: ({
      required bool status,
      String? projectId,
      required int duration,
    }) {
      if (status) {
        print('βœ… Token verified for project: \$projectId (\$duration ms)');
      } else {
        print('❌ Token verification failed (\$duration ms)');
      }
    },
  );
}

πŸ’‘ Common Use Cases

  • πŸ” Cross-project auth: Accept users from multiple Firebase projects
  • πŸ”‘ Secure APIs: Verify Firebase tokens server-side or client-side
  • 🌐 Multi-app integration: Authenticate users across a shared ecosystem

🀝 Contributing

Issues and pull requests are welcome!
β†’ Open an issue
β†’ Submit a PR

πŸ“ƒ License

MIT β€” See LICENSE

Libraries

firebase_jwt
firebase_verify_token_dart
models/firebase_mock
models/models