Menu
On my server I'm seeing these errors when using firebase admin sdk .verifyIdToken()
Firebase ID token has expired. Get a fresh token from your client app and try again
Firebase ID token has "kid" claim which does not correspond to a known public key. Most likely the ID token is expired, so get a fresh token from your client app and try again. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.
On the client side I'm doing this before every request between browser <> server:
firebase.auth().currentUser.getIdToken() It's my understanding from reading the docs that this function will get a valid, non-expired token because the SDK in the background will refresh itself as-needed. Optionally, I can pass in true to this function to force a refresh.
Why does this getIdToken() function seem to be sending expired tokens to my backend?
It seems like to resolve this my options are:
true to force refresh every time I call getIdToken(). This is needlessly expensive because it will add the overhead of a whole round-trip network request from the browser <> firebase before the request from browser <> my servergetIdToken() the way I am now - decode the token manually on the client side, check the expiration, if it is expired then call getIdToken(true) again to force a refresh and send that newly refreshed token to my serverIs number 2 the recommended/expected way to deal with this? It seems like something is wrong here...
669
When a user or device successfully signs in, Firebase creates a corresponding ID token that uniquely identifies them and grants them access to several resources, such as Firebase Realtime Database and Cloud Storage. You can re-use that ID token to identify the user or device on your custom backend server.
The Firebase Admin SDK has a built-in method for creating custom tokens. At a minimum, you need to provide a uid , which can be any string but should uniquely identify the user or device you are authenticating. These tokens expire after one hour.
An ID token is available when a Credential object's user ID matches the user ID of a Google account that is signed in on the device. To sign in with an ID token, first retrieve the ID token with the getIdTokens method. Then, send the ID token to your app's backend.
The token expires after typically an hour. getIdToken will refresh the cached token if it is expired. Make sure you always call that on the client when you need to send the token to your server. If you cache the token and always send it to your backend, it will be expired at some point.
Also just in case, ensure your server clock is synchronized. It is unlikely but your clock could be out of sync for some reason.
145
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
