Firebase ID token has invalid signature even on jwt

Hi all, I'm somewhat new to NodeJS and I've only used Google Firebase a few times. Now, I'm trying to verify an idToken generated using the getIdToken() method whenever a user signs up or signs in. The token generation works fine, but if I try to use this token to authorize a user with admin.auth().verifyIdToken(idToken) on another route, I get the error "Firebase ID token has invalid signature" on Postman. I tried to verify the token on jwt.io as well; it gave the error "Invalid Signature".

I tried switching to different algorithms, and some eventually made the token valid on jwt, but there is usually a VERIFY SIGNATURE box at the bottom-right, and I don't really know what to fill in there. Well, I've tried copying different newly generated valid tokens from jwt after changing the algorithm, but I still get "Firebase ID token has invalid signature" from Postman.

Does anyone know what the problem may be? Please help.

4 months ago ·

Santiago Trujillo

5 answers

0

For some reason, the verifyIdToken function throws "Firebase ID token has invalid signature" each time for valid tokens when used in the Firebase Emulator locally. I fixed this problem by starting to use Firebase hosted auth instead of emulator auth (remove the auth property from firebase.json). Also, I reported the bug to Firebase.

4 months ago · Santiago Trujillo

0

The problem comes from the Firebase Emulator Auth. The Firebase-hosted Auth is unable to verify a JWT token generated by the Firebase Emulator Auth.

4 months ago · Santiago Trujillo

0

TLDR;

Prefer log from dart:developer over print and debugPrint.


I was not using the emulator...

I'm new to Firebase and have experienced this, and even upvoted GeniusHawlah's and Taras Mazurkevych's answers... But I couldn't find anything in the Firebase setup related to the simulator that I did.

So it happened that I was testing my firebase using a truncated JWT token, printed from Dart's debugPrint (which truncates output). I was successful in using log from dart:developer!

I was enlightened by https://github.com/flutter/flutter/issues/22665#issuecomment-456858672.

4 months ago · Santiago Trujillo

0

I encountered a similar problem and figured out that my BE was pointing to the local emulator, but the FE was pointing to the remote Firebase Auth (because of a bug in the code, firebase.auth().useEmulator(...) wasn't called).

4 months ago · Santiago Trujillo

0

To verify the token on jwt.io, you need to grab one of the public keys from https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com (the "JWK URI", however, is https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com)

Use the kid from jwt.io to know which public key to use from the link above.

Paste in the correct key (be sure to clear out any \n characters if they're there) and it should verify correctly:

Source: https://firebase.google.com/docs/auth/admin/verify-id-tokens

4 months ago · Santiago Trujillo
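
The check the last answer describes (pick the key by the token's kid, then verify), as an added Node.js example that is not part of the original answers; it also shows a truncated token and a token signed by a different issuer both failing as an invalid signature. The key pairs, kid values and function names are constructed for the demo and stand in for the certificates at the x509 URL.

```javascript
const crypto = require('node:crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');

// Check an RS256 JWT signature against a Map of kid -> PEM. Returns a reason
// string so each failure mode is distinguishable instead of one generic error.
function checkSignature(token, keysByKid) {
  const parts = token.split('.');
  if (parts.length !== 3) return 'malformed';
  let header;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
  } catch {
    return 'malformed';
  }
  // Pin the algorithm; never let the token's header choose how it is verified.
  if (!header || header.alg !== 'RS256') return 'unexpected-alg';
  const pem = keysByKid.get(header.kid);
  if (!pem) return 'unknown-kid';
  try {
    const ok = crypto.verify('RSA-SHA256', Buffer.from(`${parts[0]}.${parts[1]}`),
      pem, Buffer.from(parts[2], 'base64url'));
    return ok ? 'valid' : 'invalid-signature';
  } catch {
    return 'invalid-signature';
  }
}

// Constructed sample data: throwaway key pairs and kid values, not Google's keys.
const newPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const trusted = newPair();
const other = newPair();
const KEYS = new Map([
  ['sample-kid-1', trusted.publicKey.export({ type: 'spki', format: 'pem' })],
]);

function makeToken(kid, privateKey) {
  const head = b64u(JSON.stringify({ alg: 'RS256', kid, typ: 'JWT' }));
  const body = b64u(JSON.stringify({ sub: 'user-123', aud: 'demo-project' }));
  const sig = crypto.sign('RSA-SHA256', Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${b64u(sig)}`;
}

const good = makeToken('sample-kid-1', trusted.privateKey);
const truncated = good.slice(0, -40); // token cut short by a log or copy/paste
const wrongIssuer = makeToken('sample-kid-1', other.privateKey); // signed elsewhere
const unknownKid = makeToken('sample-kid-2', trusted.privateKey); // kid not in the map
```

Only the signature is checked here; claims such as exp, aud and iss are not.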