State validation fails when getting access token

[andriivachasov]

Hi!
I am facing the issue with app authentication using the following code:

final credential = FirebaseAdmin.instance.certFromPath('path/to/private/key');
final token = await credential.getAccessToken();

The output is:

FirebaseAppError(app/invalid-credential): Credential implementation provided to initializeApp() via the "credential" property failed to fetch a valid Google OAuth2 access token with the following error: "Invalid argument(s): State does not match."

I tried to find what's wrong and found that when creating the credential, the Flow.callback is called without state key in the response map. In case of jwtBearer flow the Flow.state is randomly generated and it is compared to response.state in Flow.callback.
As the response.state is empty, state validation fails with the output described above.

I am not a guru of all this authentication stuff and not sure if removing state validation is a good solution here, but it fixes this issue.
I Is there a known workaround for this issue?

Thanks!

[SaadArdati]

I'm getting the same error!

[mandreshope]

Same error !

[akfaisel]

Is there any fix? I'm stuck at the same error.

[SaadArdati]

@akfaisel Since this project feels abandoned, I made my own firebase admin sdk https://pub.dev/packages/dartbase_admin and implemented my own token generation. Try it out and tell me if it works out for you.

[tomrozb]

@SwissCheese5 I've checked your package, seems like it's not possible to update user using Firebase Auth. I just need to confirm user email address.

[SaadArdati]

@tomrozb Yes, I'm sorry about that. I made the package with the intent of using firestore, firebase storage, and user token verification. It should be very simple to implement the firebase auth APIs you want if you want to make a pull request. Shouldn't take more than a method or two to make the appropriate get/post requests here https://github.com/SwissCheese5/Dartbase-Admin-SDK/blob/master/lib/auth/user_gateway.dart.

We can discuss further in an issue over in that repo if you would like

[akfaisel]

@akfaisel Since this project feels abandoned, I made my own firebase admin sdk https://pub.dev/packages/dartbase_admin and implemented my own token generation. Try it out and tell me if it works out for you.

Thanks for your reply. I'll give your package a try and upvote it. I can see only one function getUserById but I need other functions to get userlist and deleteuser. Is it available in your package?

[rbellens]

Thanks for the report. This should now be fixed in version 0.1.3

[SaadArdati]

@akfaisel Since this project feels abandoned, I made my own firebase admin sdk https://pub.dev/packages/dartbase_admin and implemented my own token generation. Try it out and tell me if it works out for you.

Thanks for your reply. I'll give your package a try and upvote it. I can see only one function getUserById but I need other functions to get userlist and deleteuser. Is it available in your package?

No, but it's very easy to add if you'd like to make the pull request :)