Menu
How do I verify idToken sent from the client on the server?
I am following the docs here using python. Basically I signed in on the client with email and password which returns the idToken, and then I send this idToken to server for verification, but got the error as below.
ValueError: Firebase ID token has incorrect "iss" (issuer) claim. Expected "https://securetoken.google.com/myproject" but got "https://identitytoolkit.google.com/". Make sure the ID token comes from the same Firebase project as the service account used to authenticate this SDK. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.
I am pretty sure I generated the service account json in the same project as the client. Does anybody know what could be the issue?
My Server code looks like this:
from firebase_admin import credentials, initialize_app, auth
def is_authenticated(id_token):
cred = credentials.Certificate("service-account.json")
app = initialize_app(cred)
return auth.verify_id_token(id_token, app)
528
Besides sending the email and password, you also have to set the flag returnSecureToken to true, otherwise your IdToken will not be valid and you will also not get a refresh token.
curl 'https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key=[API_KEY]' \
-H 'Content-Type: application/json' \
--data-binary '{"email":"[[email protected]]","password":"[PASSWORD]","returnSecureToken":true}'
Documentation
117
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
