Firebase JWT tokens are a little unusual because they don't use secrets or JWKS but have public X509 certs