Firebase PHP JWT "OpenSSL unable to verify data: error:0906D06C:PEM routines:PEM_read_bio:no start line"

Question

I'm using Google Cloud PHP API via App Engine. From the client device, a request is being sent through POST with a Firebase Auth token. I am, as per Firebase PHP JWT's documentation, trying to decode the token with this code:

$decoded = JWT::decode($token, $key, array('RS256'));

$token is a line like (this being invalid for security reasons):

eyJhbGciOiJSUzI1asdaNiIsImtpZCI6Ijk2N2Q3NzQ4YmM5NTMTIzNzRhZWQasdasd3MzEyYzcwNjEyZTRlNTM4NmUifQ.tuaAsjdlkjvsdngeoijAnlnbfgLkoosdfKLnm,werkldsfNkndfkdsnfkfnlNKL2i34nkNJioj4Kkoj234j%jij1kjojsdffds98giojerNNjasndasiNjasdnJAjnasdkjnFoFjoFJOIAASD8990adsaaDknnkngs.v_Ko6HZjrahbihLbw2Bm7EuslEC2SSHXNK79rDbD9qIIVYxPjCsubsdfkyAWDIoJHwjkM9TtssYS-1Cjd_xkXghfILuDZpzLsHV6rF20J4n3eUTrsnmLDHK6UB5N3yK2LYoF1UoFrsiyWenfqELfE4Gx5wlfmsylTS1foS2CWRrT1ccqmJBinWiY6JNUS-0gg-2Aecf_VJ63RD9308sBKy1DUsBeje9yG8w2YpYsAqKIlMTC-FqLLpHlKe4LZxcveiqSF4J6PgvcLSPTMmg7-Li_8m41O-wfU1zwSpS1SJ73RJNg-kvRZ1y1ll8ExqXjZkazRDVkYVo6yu5AXi1Onl6FqBLA

Checking the token through JWT.io will hand me a correct payload.

Now for the $key part. I have downloaded the Default Service Account JSON file from Google API Console. If I use the "private_key" which looks like:

-----BEGIN PRIVATE KEY-----\n[VERY_LONG_PRIVATE_KEY]\n-----END PRIVATE KEY-----\n

I get this error:

openssl_verify(): supplied key param cannot be coerced into a public key

I found an answer here at StackOverflow, that this could be used to convert the private key to a public key:

$private_key = openssl_pkey_get_private($c->serviceAccount->private_key);
$details = openssl_pkey_get_details($private_key);
$public_key = $details['key']

So if I use the $public_key instead, I get another error stating the following:

Uncaught exception 'DomainException' with message 'OpenSSL unable to verify data: error:0906D06C:PEM routines:PEM_read_bio:no start line

The public key looks like:

-----BEGIN PUBLIC KEY-----\n[VERY_LONG_KEY]\n-----END PUBLIC KEY-----\n

So it seems like it should work. But it doesn't. The algorithm RS256 is the correct one as well.

Any help appreciated!

Answer 1

I ran into the same error while reading my private key using Node.js Error: error:0906D06C:PEM routines:PEM_read_bio:no start line

It turned out the issues was that Google Cloud converted \n into \\n. When I converted it back to \n, it worked.

const functions = require('firebase-functions');
const admin = require('firebase-admin');
const bigquery = require('@google-cloud/bigquery');

const config = functions.config();
admin.initializeApp(config.firebase);
const firestore = admin.firestore();

const sanitizePrivateKey = (key) =>
  key.replace(/\\n/g, '\n');

/* firebase converts \n to \\n, we have to convert it back */
if (config.credentials) {
  config.credentials.private_key = sanitizePrivateKey(config.credentials.private_key);
}

const bigqueryClient = bigquery({
  projectId: 'screencastify-staging',
  // eslint-disable-next-line
  credentials: config.credentials,
});