Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Google SignIn: Getting ID Token for Server-side Auth #16613

Closed
nevi-me opened this issue Apr 16, 2018 · 18 comments
Closed

Google SignIn: Getting ID Token for Server-side Auth #16613

nevi-me opened this issue Apr 16, 2018 · 18 comments
Labels

Comments

@nevi-me
Copy link

@nevi-me nevi-me commented Apr 16, 2018

Steps to Reproduce

I started using Firebase Auth after I already had a custom OAuth impl in place, so in my previous app, I would authenticate the user on Firebase, but also request an ID Token from Google Signin https://developers.google.com/identity/sign-in/android/offline-access.

Is there currently a way to do this on google_signin? On Android, I would do something like SignIn.requestServerAuthCode(serverClientId).

Logs

n/a

Flutter Doctor

[√] Flutter (Channel master, v0.2.12-pre.33, on Microsoft Windows [Version 10.0.14393], locale en-ZA)
    • Flutter version 0.2.12-pre.33 at C:\Users\<me>\flutter
    • Framework revision ea30c95dc9 (2 days ago), 2018-04-13 17:02:14 -0700
    • Engine revision 76cb311d9c
    • Dart version 2.0.0-dev.47.0.flutter-f76dad0adc

[√] Android toolchain - develop for Android devices (Android SDK 27.0.3)
    • Android SDK at C:\Users\<me>\AppData\Local\Android\sdk
    • Android NDK location not configured (optional; useful for native profiling support)
    • Platform android-27, build-tools 27.0.3
    • Java binary at: C:\Program Files\Android\Android Studio\jre\bin\java
    • Java version OpenJDK Runtime Environment (build 1.8.0_152-release-1024-b02)
    • All Android licenses accepted.

[√] Android Studio (version 3.1)
    • Android Studio at C:\Program Files\Android\Android Studio
    • Flutter plugin version 23.0.2
    • Dart plugin version 173.4700
    • Java version OpenJDK Runtime Environment (build 1.8.0_152-release-1024-b02)

[√] IntelliJ IDEA Community Edition (version 2017.3)
    • IntelliJ at C:\Program Files\JetBrains\IntelliJ IDEA Community Edition 2017.3.4
    • Flutter plugin version 23.0.2
    • Dart plugin version 173.4700

[√] IntelliJ IDEA Ultimate Edition (version 2018.1)
    • IntelliJ at C:\Program Files\JetBrains\IntelliJ IDEA 2018.1
    • Flutter plugin version 23.1.3
    • Dart plugin version 181.4203.498

[√] VS Code, 64-bit edition (version 1.22.1)
    • VS Code at C:\Program Files\Microsoft VS Code
    • Dart Code extension version 2.11.2

[√] Connected devices (1 available)
    • SM G610F • 5203f84b5378a381 • android-arm • Android 7.0 (API 24)

• No issues found!
@tvolkert tvolkert added the plugin label Apr 17, 2018
@tvolkert
Copy link
Contributor

@tvolkert tvolkert commented Apr 17, 2018

@mravn-google
Copy link
Contributor

@mravn-google mravn-google commented Apr 18, 2018

@nevi-me
Copy link
Author

@nevi-me nevi-me commented Apr 19, 2018

Hey @mravn-google, I believe that's a different thing. I need to get a token and secret from Google API directly, which I then send to my server when user signs in for the first time.

The

On the server, I use that pair to get a refresh token from Google.

The Firebase token allows me to verify a Firebase user, not necessarily interact with Google APIs on behalf of the user.

@zoechi
Copy link
Contributor

@zoechi zoechi commented Apr 19, 2018

The token returned from getIdToken() worked for me to access Google APIs using HTTP requests.
I don't fully understand your requirement though.

@calebisstupid
Copy link

@calebisstupid calebisstupid commented May 21, 2018

I believe I'm trying to solve a similar issue; was there any resolution to this?

We have a back-end server that uses Google Auth for users. I've started building out a flutter app, and used the google_sign_in plug-in but each authentication request returns a null idToken.

Every other thread on the topic I have found points me towards Firebase documentation, which is not what I need. I have found some posts saying that we need to use our back-end "web token", but for the life of me I cannot find any help on how to actually modify or change this using flutter or non-firebase techniques.

@nevi-me
Copy link
Author

@nevi-me nevi-me commented May 23, 2018

@calebisstupid it hasn't been resolved

@matthew5025
Copy link

@matthew5025 matthew5025 commented May 25, 2018

@nevi-me I've tested this, and it works for Android. I do not have a Mac so I can't really help with iOS stuff.

  1. Create a new Firebase project. It's ok to link the old Google Cloud Project.

  2. Select get started with android, and follow the instructions. The important parts are the google-services.json files, and the additional dependencies.

  3. You will now be able to retrieve an idToken.

@nevi-me
Copy link
Author

@nevi-me nevi-me commented May 25, 2018

@matthew5025 my Android device is in for repairs, but I'll try on the emulator and revert nack

@laertispappas
Copy link

@laertispappas laertispappas commented Nov 13, 2018

@matthew5025 do you happen to know how to handle multiple clients ids? I have 1 client id generated in my firebase (from the debug keystroke) I added into the same project my production SHA1 to sign the app but when I release the app I cannot verify the token in the backend. Google API returns bad request: Invalid Value.

Since it is working in the emulators but not when I install the app in my mobile I assume that I need to add another client id in https://console.cloud.google.com/apis/credentials. Just assumptions any ideas?

UPDATE: It looks that it's working now. Maybe because when adding SHA certificate fingerprints in firebase it needs some time to synchronize.

UPDATE2: Still have problems on released APK. I think it should be some config settings as noted with SHA or something.

@zoechi
Copy link
Contributor

@zoechi zoechi commented Nov 14, 2018

Is this still an issue?

@senacand
Copy link

@senacand senacand commented Nov 26, 2018

@laertispappas I'm having the same issue as yours. I can get the id token using the Firebase workaround, unfortunately I cannot verify the ID Token neither using the SDK nor Google's API.

UPDATE: Nvm. I tried debugPrinting the ID Token and use the output to validate to Google's API and get Invalid Value. Turns out the reason was as simple as the ID Token was cut by the log, therefore cutting in the middle of the signature part.

@no-response
Copy link

@no-response no-response bot commented Dec 5, 2018

Without additional information, we are unfortunately not sure how to resolve this issue. We are therefore reluctantly going to close this bug for now. Please don't hesitate to comment on the bug if you have any more information for us; we will reopen it right away!
Thanks for your contribution.
cc @Hixie

@no-response no-response bot closed this Dec 5, 2018
@zainzafar90
Copy link

@zainzafar90 zainzafar90 commented Apr 8, 2019

@mravn-google idToken it keeps returning null no matter what I do

FirebaseUser.getIdToken doesn't work either

final GoogleSignInAccount googleUser = await _googleSignIn.signIn();

final GoogleSignInAuthentication googleAuth = await googleUser.authentication;

// Able to get accessToken
print(googleAuth.accessToken);

//But not this
print(googleAuth.idToken);

@evaldobratti
Copy link

@evaldobratti evaldobratti commented May 8, 2019

@zainzafar90 I was having the same issue as you, google sign in was not getting any jwt/idToken.

I was able to solve this by adding a Web Application oauth credential to the developers console. Then, redownloading google-services.json from firebase, somethings will be changed:

  • a new record in the oauth_client array is added with client_type: 3.
  • services gets filled with appinvite_service.other_platform_oauth_client, that has the same content of the above record.

After that, the jwt/idToken started getting retrivied.

@premtemp1
Copy link

@premtemp1 premtemp1 commented Jul 25, 2019

need the refresh token to validate again the backend Api .

@PJosue100
Copy link

@PJosue100 PJosue100 commented Aug 10, 2020

Does anyone know how to implement the serverClientId option to return serverAuthCode?

@rebeccamcfadden
Copy link

@rebeccamcfadden rebeccamcfadden commented Dec 12, 2020

I'm still having issues with this. I am using version 4.5.6 of google_sign_in and I am not receiving the serverAuthCode.

@rebeccamcfadden
Copy link

@rebeccamcfadden rebeccamcfadden commented Dec 12, 2020

#57712 (comment)

this instruction fixed it for me, but it would be great if this PR got merged in

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet