
Firebase ID token has invalid signature even on jwt

Firebase ID token has invalid signature

Hi all, I'm somewhat new to NodeJS and I've only used Google Firebase a few times. Now, I'm trying to verify an idToken generated using the getIdToken() method whenever a user signs up or signs in. The token generation works fine, but if I try to use this token to authorize a user with admin.auth().verifyIdToken(idToken) on another route, I get the error "Firebase ID token has invalid signature" in Postman. I tried to verify the token on jwt.io as well, and it gave the error "Invalid Signature".

I tried switching to different algorithms; some eventually made the token valid on jwt, but there is usually a VERIFY SIGNATURE box at the bottom-right and I don't really know what to fill in there. Well, I've tried copying different newly generated valid tokens from jwt after changing the algorithm, but I still get "Firebase ID token has invalid signature" from Postman.

Does anyone know what the problem may be? Please help.

GeniusHawlah asked Mar 24 '21 13:03



1 Answer

The problem comes from the Firebase Emulator Auth. The Firebase-hosted Auth is unable to verify a JWT token generated by the Firebase Emulator Auth.

GeniusHawlah answered Sep 26 '22 17:09
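
A quick way to confirm the emulator/hosted mismatch described in the answer, as an added example that is not part of the original post: the Auth emulator issues unsigned tokens (header alg "none", empty signature segment), while hosted Firebase Auth issues RS256 tokens with a kid. The function names, sample claims and the demo-project ID below are constructed for illustration; FIREBASE_AUTH_EMULATOR_HOST is the variable that puts the Admin SDK into emulator mode.

```javascript
// Added example: inspect a JWT WITHOUT verifying it. Diagnostic only; never
// authorize on these decoded claims (that is what verifyIdToken() is for).
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

function describeIdToken(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('expected 3 dot-separated segments');
  const header = decodeSegment(parts[0]);
  const payload = decodeSegment(parts[1]);
  // Auth emulator tokens are unsigned: alg "none" and an empty third segment.
  const unsigned = header.alg === 'none' || parts[2] === '';
  return { alg: header.alg, kid: header.kid || null,
           iss: payload.iss || null, aud: payload.aud || null, unsigned };
}

// env is passed in (e.g. process.env) so the check can be tested.
function diagnose(token, env) {
  const info = describeIdToken(token);
  const emulatorMode = Boolean(env.FIREBASE_AUTH_EMULATOR_HOST);
  if (info.unsigned && !emulatorMode) {
    return 'MISMATCH: unsigned (emulator) token, but this server verifies against hosted Firebase Auth';
  }
  if (info.unsigned) return 'OK for local testing: unsigned token, Admin SDK in emulator mode';
  if (info.alg === 'RS256' && info.kid) return 'SIGNED: verify with admin.auth().verifyIdToken()';
  return 'UNEXPECTED: alg=' + info.alg + ', reject (Firebase ID tokens are RS256)';
}

// Constructed sample tokens (fake claims, placeholder signatures).
function encodeSegment(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
const claims = { iss: 'https://securetoken.google.com/demo-project', aud: 'demo-project', sub: 'uid-123' };
const emulatorToken = encodeSegment({ alg: 'none', typ: 'JWT' }) + '.' + encodeSegment(claims) + '.';
const signedToken = encodeSegment({ alg: 'RS256', kid: 'constructed-kid', typ: 'JWT' }) + '.' + encodeSegment(claims) + '.c2ln';
const hs256Token = encodeSegment({ alg: 'HS256', typ: 'JWT' }) + '.' + encodeSegment(claims) + '.c2ln';

console.log(diagnose(emulatorToken, {}));
console.log(diagnose(emulatorToken, { FIREBASE_AUTH_EMULATOR_HOST: 'localhost:9099' }));
console.log(diagnose(hs256Token, {}));
```

A token re-signed on jwt.io with a different algorithm falls into the UNEXPECTED case: it may show as valid there, but it was not issued by Firebase and the Admin SDK will still reject it.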