I am trying to set up an Android app communicating with a NodeJS REST API that communicates with Firebase, but it seems the Firebase token does not work for me.
I'm running a local nodejs server and an Android simulation locally now to test it out and here is how it looks:
Android method:
    @Override
    public void onNewToken(String token) {
        Log.i(TAG, "Refreshed token: " + token);
        postRegistrationToken(token);
    }
This correctly generates and sends to the REST API.
Log shows:
Refreshed token: "MY_TOKEN_STRING"
In NodeJS:
    app.post('/api/token/get', (req, res) => {
        const token = req.body.registrationToken;
        LOG.info(`Acquired token: ${token}`);
        admin.auth().verifyIdToken(token)
            .then((decodedToken) => {
                LOG.info(`Successfully validated registrationToken ${token}`);
                //stuff
            })
            .catch((err) => {
                LOG.error(err);
            });
    });
The verifyIdToken fails but the token is the same that was generated in the Android client:
Acquired token: "MY_TOKEN_STRING"
Error: Decoding Firebase ID token failed.
Make sure you passed the entire string JWT which represents an ID token.
See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.
I tried to validate the token in a JWT validator website like https://www.jsonwebtoken.io/ but they say it's an invalid signature.
Am I missing something or what could be wrong?
The Firebase Admin SDK has a built-in method for verifying and decoding ID tokens. If the provided ID token has the correct format, is not expired, and is properly signed, the method returns the decoded ID token. You can grab the uid of the user or device from the decoded token.
Every time a user signs in, the user credentials are sent to the Firebase Authentication backend and exchanged for a Firebase ID token (a JWT) and refresh token. Firebase ID tokens are short lived and last for an hour; the refresh token can be used to retrieve new ID tokens.
Get an ID token from the Credentials object
After you retrieve a user's credentials, check if the Credentials object includes an ID token. If it does, call getIdTokens to retrieve it, and send it to your backend by HTTPS POST.
The type of exception thrown by the Firebase SDK in the event of an authentication failure can be used to identify more information about the cause of the failure. In the previous section, the built-in failure description was presented to the user, but the app itself made no attempt to identify the cause of the failure.
The provided email is already in use by an existing user. Each user must have a unique email. The provided Firebase ID token is expired. The Firebase ID token has been revoked.
DefaultInstance.VerifyIdTokenAsync(idToken); string uid = decodedToken.Uid;
ID token verification requires a project ID. The Firebase Admin SDK attempts to obtain a project ID via one of the following methods: If the SDK was initialized with an explicit projectId app option, the SDK uses the value of that option.
You seem to be getting the Firebase Instance ID token (also known as an FCM token) on the client, and then trying to verify that it's a valid Firebase Authentication ID token.
The two tokens are quite different and serve different purposes, and the Authentication Admin SDK correctly fails to verify the FCM token.
To get a Firebase Authentication ID token, you should call FirebaseUser.getIdToken(). For an example of this, see the documentation on getting an ID token.
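As an added example (not part of the original answer and not Firebase SDK code): a Node.js pre-check the endpoint could run before verifyIdToken to tell an FCM registration token apart from an ID token candidate and log a precise reason. The function classifyToken, the project ID demo-project and both sample tokens are constructed for illustration; the check is structural only, so the Admin SDK still has to verify the signature.

```javascript
// Added example: structural pre-check only. It does NOT verify the signature;
// admin.auth().verifyIdToken() must still be called on anything classified "id-token".

// Decode one base64url JWT segment into an object, or return null if it is not JSON.
function decodeSegment(segment) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) return null;
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  try {
    const value = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
    return value !== null && typeof value === 'object' ? value : null;
  } catch (err) {
    return null;
  }
}

// Classify a client-supplied string. projectId is the Firebase project the backend expects.
function classifyToken(token, projectId) {
  if (typeof token !== 'string' || token.length === 0) return 'empty';
  const parts = token.split('.');
  if (parts.length !== 3) return 'not-a-jwt'; // FCM registration tokens end up here
  const header = decodeSegment(parts[0]);
  const payload = decodeSegment(parts[1]);
  if (!header || !payload) return 'not-a-jwt';
  // Firebase ID tokens are RS256-signed and carry a key id in the header.
  if (header.alg !== 'RS256' || typeof header.kid !== 'string') return 'wrong-jwt-type';
  const issuer = `https://securetoken.google.com/${projectId}`;
  if (payload.iss !== issuer || payload.aud !== projectId) return 'wrong-project';
  return 'id-token';
}

// Constructed sample values (not real tokens).
function b64url(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
const PROJECT = 'demo-project';
const sampleFcmToken = 'constructedInstanceId:APA91b' + 'x'.repeat(120);
const sampleIdToken = [
  b64url({ alg: 'RS256', kid: 'constructed-key-id', typ: 'JWT' }),
  b64url({ iss: `https://securetoken.google.com/${PROJECT}`, aud: PROJECT, sub: 'uid-123' }),
  'constructed-signature',
].join('.');

console.log(classifyToken(sampleFcmToken, PROJECT));
console.log(classifyToken(sampleIdToken, PROJECT));
```

A registration token identifies an app instance for message delivery and proves nothing about who the user is, so the backend should accept it only as data attached to a request that also carries a verified ID token.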