Auth: GetToken() generates invalid token (Firebase ID token has invalid signature) #3

Closed
eliezedeck opened this issue Mar 22, 2019 · 15 comments

@eliezedeck

eliezedeck commented Mar 22, 2019

This error is likely to be related to https://stackoverflow.com/questions/44014877/firebase-id-token-has-invalid-signature in 2017.

  • I am using the C++ client SDK, targeting the Android platform
  • I properly get a token that contains good information (when checked with https://jwt.io/)
  • This token's provider is Google Sign In
  • As reported on the above StackOverflow question, Email & Password provider generates a proper token
  • I have an HTTPS Cloud Function that verifies this token using admin.auth().verifyIdToken()
  • An exception is generated when I verify any token from the client, with the following message: Firebase ID token has invalid signature. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.

I have tried to manually verify the token, and I could not verify the token to match any keys I could find. I have tried the following keys:

I believe this is a bug, not a temporary issue. And I also believe this is a supported use-case, so it needs to be fixed. As reported by the StackOverflow question, this also applies to Unity.

Thanks.

@a-maurice
Contributor

Hi @eliezedeck

Thanks for the information. I will follow up with the Firebase Authentication team to see if we can figure out what the problem might be.

@justinwyer

@a-maurice I have just started using Firebase Auth with a Flutter application and I am running into exactly the same problem. It appears (in my case) that the token is missing part of the signature portion of the JWT.

The first token below was created in the Flutter application using https://github.com/flutter/plugins; the second was created using the web client: https://github.com/firebase/firebase-js-sdk

eyJhbGciOiJSUzI1NiIsImtpZCI6ImZmMWRmNWExNWI1Y2Y1ODJiNjFhMjEzODVjMGNmYWVkZmRiNmE3NDgiLCJ0eXAiOiJKV1QifQ.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.gHMBeEx_dCJE8ESpa1C1g210ubuMREFlVsUYhQyCeW59CKwKI_yCXY3WJ9POMrBGsGjF7IOEkgZddAb10ETdUYCLLZn2up0gPl6-Vo5waEq0Bp5f24p7LQbiIptYX-_n0jpqU7U8obUopIU96QR8goeGDnY4WcYDo_L-6ec_1mSvK9tTExIifFv-yp_lyZhf0G2CkulwQBpe2hk-
eyJhbGciOiJSUzI1NiIsImtpZCI6ImZmMWRmNWExNWI1Y2Y1ODJiNjFhMjEzODVjMGNmYWVkZmRiNmE3NDgiLCJ0eXAiOiJKV1QifQ.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.AspFg7qbFmMhM2beSaSkvqmJT2tdhxnMf-uvFwJVX53FBP5m4WbKIOAGwQz7Gr7mvmVpdbUa3kpR7qQLOEXfVlYSa7O6mVLRbzuTov5swKlqG81Djc7dodCXOevxPP5yolafcIzj7OF62d4LqLnySOD0l2tzkhQcGASlAcDkd6J3-_DSK04VbbNLqg4fTt9hnvXmEV-MFMtxMpNwS6iNYh5IYP2xMH1hffWVL9cbm7Mc4j952sd6uu5-C4bTYsZurS5I8Zx2bgJ5E6JLRPFhKmUBmgFVZh3HYxDW3SkTTMAhfIV9p5GXpa3iW6xKxAZraKF8DlpISHoFWZoMicHYYg

@alan89

alan89 commented Apr 3, 2019

Hello @eliezedeck,

Could you provide some examples of your JWTs just like @justinwyer? That information will be used to verify what is failing and determine if we can prevent the error somehow. In case you don't feel comfortable sharing that information here, you can open a support case.

Thanks :)

@stewartmiles
Contributor

Hi @justinwyer & @eliezedeck any update on this? Did you resolve your issue?

@eliezedeck
Author

Hi, unfortunately, I'm currently working on a different project and have no spare time to re-check this (it's in a completely different OS on a different drive).

To be clear, I don't think there is a way to solve this issue from our side. It has to be solved from Firebase team's side since we don't know how these tokens are generated and with which key.

@alan89, are you from the Firebase team? Apparently, this issue shouldn't be hard to trace, but I don't know anything about the Firebase internals at Google's side. Tracing which internal API the C++/Unity SDK is using should probably reveal the problem. That said, it shouldn't require us to provide our generated JWTs; while that can be done, I am currently in a situation where I can't re-generate new tokens.

@a-maurice
Contributor

Hi @francis6425,

We are still having some trouble getting this bug tracked down on our end. If you could file a support request via https://firebase.google.com/support, and provide that with the tokens that are having the problem, that might help us track down the issue faster.

@lmott337

I also have this issue when retrieving the token in Firebase and then trying to sign in again (after a period of inactivity). Using jwt.io it does report invalid signature.

@wens134

wens134 commented Jul 11, 2019

My issue was because the ID token printed out in the Dart console is truncated to 1000 characters.
No issue on the SDK.
It was just that Dart didn't print the full token, so half of the signature is not printed out.
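
Added example (not part of this thread and not Firebase code): a structural pre-check, in Node.js as used by the Cloud Function mentioned at the top of the issue, that flags a cut-off token of the kind described in the comments above before it reaches `admin.auth().verifyIdToken()`. It assumes RS256 with a 2048-bit key (a 256-byte signature); `diagnoseIdToken` is a hypothetical helper name and the sample token is constructed.

```javascript
// Added example: structural pre-check for an RS256 ID token. It does NOT verify the signature.
// ASSUMPTION: 2048-bit RSA signing key, i.e. a 256-byte signature (342 base64url characters).
const EXPECTED_SIG_BYTES = 256;
const B64URL = /^[A-Za-z0-9_-]+$/;

function toB64url(buf) {
  return buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

function fromB64url(seg) {
  return Buffer.from(seg.replace(/-/g, '+').replace(/_/g, '/'), 'base64');
}

// diagnoseIdToken is a hypothetical helper name, not a Firebase API.
function diagnoseIdToken(token, expectedSigBytes = EXPECTED_SIG_BYTES) {
  const parts = token.trim().split('.');
  if (parts.length !== 3) {
    return { ok: false, sigBytes: 0, problems: [`expected 3 segments, found ${parts.length}`] };
  }
  const problems = [];
  parts.forEach((p, i) => {
    if (!B64URL.test(p)) problems.push(`segment ${i} is empty or not base64url`);
    else if (p.length % 4 === 1) problems.push(`segment ${i} has an impossible base64url length`);
  });
  try {
    const { alg } = JSON.parse(fromB64url(parts[0]).toString('utf8'));
    if (alg !== 'RS256') problems.push(`unexpected alg: ${alg}`);
  } catch (e) {
    problems.push('header does not decode to JSON');
  }
  // Unpadded base64url: n characters carry floor(3n/4) bytes.
  const sigBytes = Math.floor((parts[2].length * 3) / 4);
  if (sigBytes !== expectedSigBytes) {
    problems.push(`signature is ${sigBytes} bytes, expected ${expectedSigBytes} (truncated or altered token)`);
  }
  return { ok: problems.length === 0, sigBytes, problems };
}

// Constructed sample: filler claims and filler signature bytes, not a real credential.
const header = toB64url(Buffer.from(JSON.stringify({ alg: 'RS256', kid: 'constructed-kid', typ: 'JWT' })));
const payload = toB64url(Buffer.from(JSON.stringify({ sub: 'constructed-user', filler: 'x'.repeat(600) })));
const fullToken = [header, payload, toB64url(Buffer.alloc(256, 0xab))].join('.');
// What a console capped at 1000 characters would show for the same token.
const loggedToken = fullToken.slice(0, 1000);

console.log(diagnoseIdToken(fullToken));
console.log(diagnoseIdToken(loggedToken));
```

A token that fails this check was damaged between the client and the verifier (logging, copy and paste, transport), so the place to look is the capture path rather than the signing key.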

@morganchen12

Hey all, if you're using flutter, this issue does not apply to you since the flutter Firebase plugins don't use the C++ SDK. Please file an issue on the FlutterFire repository.

If you are encountering this issue when using the C++ SDK, please comment here with a runnable repro case or file an issue at Firebase support.

@morganchen12 morganchen12 added the needs-info Need information for the developer label Feb 25, 2020
@morganchen12

Closing since this issue has staled.

@morganchen12 morganchen12 removed the needs-info Need information for the developer label Apr 1, 2020
@letanloc1998

I have the same problem.
I generate a token with the create_token_uid method,
but I can't use the verify_token_uid method.

@firebase firebase locked and limited conversation to collaborators May 2, 2020