Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Token verification failure for generated tokens #51

Closed
shauvik opened this issue Jul 22, 2017 · 3 comments
Closed

Token verification failure for generated tokens #51

shauvik opened this issue Jul 22, 2017 · 3 comments
Labels
invalid

Comments

@shauvik
Copy link

shauvik commented Jul 22, 2017

[READ] Step 1: Are you in the right place?

Yes

[REQUIRED] Step 2: Describe your environment

  • Operating System version: Mac OSX 10.11.6
  • Firebase SDK version: Not relevant
  • Library version: 2.1.0
  • Firebase Product: auth

[REQUIRED] Step 3: Describe the problem

Verify token fails with an incorrect audience claim error, for token generated with firebase_admin

Steps to reproduce:

  • Use python admin SDK to create a token and verify the same token
Traceback (most recent call last):
  File "create_token.py", line 28, in <module>
    d = auth.verify_id_token(custom_token)
  File "/usr/local/lib/python3.6/site-packages/firebase_admin/auth.py", line 98, in verify_id_token
    return token_generator.verify_id_token(id_token)
  File "/usr/local/lib/python3.6/site-packages/firebase_admin/auth.py", line 272, in verify_id_token
    raise ValueError(error_message)
ValueError: Firebase ID token has incorrect "aud" (audience) claim. Expected "[redacted]" but got "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit". Make sure the ID token comes from the same Firebase project as the service account used to authenticate this SDK. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.

Relevant Code:

#!/usr/bin/env python3

import firebase_admin
from firebase_admin import credentials
from firebase_admin import auth
from os.path import expanduser
import sys

def usage():
    '''Print usage'''
    print("Usage: create_token.py <UID>")
    sys.exit(1)

def init():
    cred = credentials.Certificate(expanduser('~/.mq/serviceAccountKey.json'))
    return firebase_admin.initialize_app(cred)


if __name__ == "__main__":
    if(len(sys.argv) < 2):
        usage()
    uid = sys.argv[1]
    default_app = init()

    custom_token = auth.create_custom_token(uid).decode('utf-8')
    print(custom_token)

    d = auth.verify_id_token(custom_token)
    print(d)
@hiranya911
Copy link
Contributor

verify_id_token() only accepts "ID tokens". Custom tokens are not ID tokens. The reported behavior is what is expected in this case. In fact we have a test case for this very scenario where the expected result is an error.

See documentation for details on how to obtain ID tokens.

@ch3ck
Copy link

ch3ck commented Apr 24, 2018

just had this issue today and this explains it all, but I can see the the test case referenced here @hiranya911 or has it been refactored somewhere else?

@hiranya911
Copy link
Contributor

@ch3ck yes, the test case is now at https://github.com/firebase/firebase-admin-python/blob/master/tests/test_token_gen.py#L343

@rohansingh rohansingh mentioned this issue Nov 30, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
invalid
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@shauvik @hiranya911 @ch3ck