Invalid Custom TOken

[kadircanerergun]

Im using custom token auth on Firebase. I tried to generate token as the documentation said. But when i try to login in client side with (loginWithCustomToken(token)) method it gives an error below

{
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "invalid",
    "message": "INVALID_CUSTOM_TOKEN"
   }
  ],
  "code": 400,
  "message": "INVALID_CUSTOM_TOKEN"
 }
}

I generate token with this code block as described in firebase documentation

$service_account_email = "USED_FROM_JSON_FILE"; //
$private_key = "USED_FROM_JSON_FILE";

function create_custom_token($uid, $is_premium_account) {
  global $service_account_email, $private_key;

  $now_seconds = time();
  $payload = array(
    "iss" => $service_account_email,
    "sub" => $service_account_email,
    "aud" => "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",
    "iat" => $now_seconds,
    "exp" => $now_seconds+(60*60),  // Maximum expiration time is one hour
    "uid" => $uid,
    "claims" => array(
      "premium_account" => $is_premium_account
    )
  );
  return JWT::encode($payload, $private_key, "RS256");
}

[saffabook]

Same issue +1

[bshaffer]

Hello! Thank you for filing this.

I unfortunately cannot duplicate this issue. The above sample validated as expected. I would verify the following:

1. The service account email matches the private key
2. The project tied to the service account matches your firebase config (i.e. authDomain)
3. The token being passed to loginWithCustomToken is correct

Unfortunately, the error message being returned from the API is not very helpful, so it could be any of these things or something else.

If you think there is a problem with the documentation, click Send Feedback in the top right corner of the documentation page and tell us the problem.

[JustDNA]

Same issue +1

[JustDNA]

I come across this error few times every day out of some 1000 times. Started facing this issue after I upgraded the client side code to use Firebase 3.x from Firebase 2.x

[diamond-darrell]

I have a similar issue.
I found out that if I copy generated token and just hardcode it in app (frontend side), it works fine. But if I pass received token from response, it fails.
So, I think that token is valid, but for some reason login fails.

[diamond-darrell]

I've figured out the problem in my case.
It was wrong time on the server. So, "iat" and "exp" dates were wrong

[delta9]

@diamond-darrell Thanks!! You saved me from pulling my hair out while testing.

[DrewLandgrave]

@diamond-darrell THANK YOU!

[theknicker]

I am having this same issue, but the time is not the problem. When I put my token into https://jwt.io/ I get an "invalid signature" error. Any ideas?

[dyangua]

@theknicker the same problem i dont know, i use sdk firebase and works fine but with my custom jwt with parameters like documentation i have this error Invalid assertion format. 3 dot separated segments required

[rldaulton]

@dyangua did you find a solution to the error?

i have this error Invalid assertion format. 3 dot separated segments required

[dyangua]

@rldaulton yes, i have this error because i try to create my custom token in node but in node you have method for that, in php works fine.

[dyangua]

`<?php
// Requires: composer require firebase/php-jwt
use \Firebase\JWT\JWT;

// Get your service account's email address and private key from the JSON key file
$service_account_email = "";
$private_key = "";

function create_custom_token($cedula, $is_premium_account) {
global $service_account_email, $private_key;

$now_seconds = time();
$payload = array(
"iss" => $service_account_email,
"sub" => $service_account_email,
"aud" => "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",
"iat" => $now_seconds,
"exp" => $now_seconds+(60*60), // Maximum expiration time is one hour
"uid" => $cedula,
"claims" => array(
"premium_account" => $is_premium_account
)
);
return JWT::encode($payload, $private_key);
}
?>`

[MrJellyB]

same error here,
when i tried to call signInWithCustomToken right after signInWithEmailAndPassword
it worked fine, but when I was calling from other HTTP request it failed

[MrJellyB]

@rldaulton yes, i have this error because i try to create my custom token in node but in node you have method for that, in php works fine.

can you elaborate?