Always throws "Token not verified as issued by Google" #32
Comments
@morgler did you ever figure this out or decide on an alternative? I used this gem successfully in Feb and now am having the same problem.

Unfortunately I never resolved this. I moved on and simply generate the JWT on my Rails server instead of using firebase. I also don't use any firebase services on this app currently.
Since my use case is low volume and an extra network request isn't a big deal, I ended up using Google's tokeninfo endpoint: https://developers.google.com/identity/sign-in/web/backend-auth#using-a-google-api-client-library I haven't quite finished all of the error cases, but it basically looks like this:

```ruby
# Gemfile:
gem 'google-api-client', require: 'google/apis/oauth2_v2'

# In application_controller.rb
class ApplicationController < ActionController::Base
  include ActionController::HttpAuthentication::Token::ControllerMethods

  protected

  # Rails parses the "Authorization: Token token=..." header and yields the bare token.
  def authenticate_user
    authenticate_or_request_with_http_token do |token, options|
      if valid_token?(token)
        return true
      else
        render_unauthorized
      end
    end
  end

  # https://www.codeschool.com/blog/2014/02/03/token-based-authentication-rails/
  def render_unauthorized
    self.headers['WWW-Authenticate'] = 'Token realm="Application"'
    render json: 'Bad credentials', status: 401
  end

  # Asks Google's tokeninfo endpoint about the access token and checks that it was
  # issued for this app (audience) and carries a user id.
  def valid_token?(token)
    oauth2 = Google::Apis::Oauth2V2::Oauth2Service.new
    userinfo = oauth2.tokeninfo(access_token: token)
    if userinfo
      user_id = userinfo.user_id
      audience = userinfo.audience
      # A token minted for some other app must not be accepted here.
      if audience != "_YOUR APP'S CLIENT ID_"
        return false
      end
      user_id.present?
    else
      false
    end
  rescue StandardError
    # Should really be more specific and handle each of these differently:
    # [Google::Apis::ServerError] An error occurred on the server and the request can be retried
    # [Google::Apis::ClientError] The request is invalid and should not be retried without modification
    # [Google::Apis::AuthorizationError] Authorization is required
    false
  end
end
```

For completeness, the JavaScript that calls this uses

```javascript
fetch(`/auth/verify.json`, {
  headers: {
    'X-Requested-With': 'XMLHttpRequest',
    'Authorization': 'Token token=' + googleAuthResponse.accessToken
  }
})
```
I'm not using Firebase but I am having the same issue. Not sure what I'll do to move around it. Update: I was simply passing in nil for the token due to a missing header in my iOS http client. The library seems to work fine.
Leaving this in case anyone else runs into the reason I kept seeing this. I was passing a token in via:

The quotes were causing this to always respond with:

I just needed to strip the quotes before passing it into the validator. I didn't expect this to be a problem since the JWT gem used to decode handled this scenario.
This project is deprecated, and we're archiving the repository. The functionality is available in the
I do the following simple validation in my Rails (4.2.10) backend:
I use the project id of my firebase project as the audience and client id – which I assume is the way it is supposed to be. The token was created on the client by signing in with Google Firebase Authentication.
I can decode the token fine with a general JWT library and inserting Google's public keys manually. So the token seems to be correct.
Is this a bug or am I calling the validator in a weird way? Why does it always throw an exception even with a valid token and valid project id?
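The local verification the issue describes (decoding the ID token against Google's public keys and checking the project id), together with the quoted-token pitfall from the earlier comment, as an added example in plain Ruby with only the standard library. This is not code from the thread or from the gem under discussion: `mint_token`, `extract_token` and `verify_id_token` are names chosen here, the RSA key pair is generated at load time as a stand-in for Google's published signing keys, and `PROJECT_ID` is a placeholder. The issuer/audience rule (`https://securetoken.google.com/<project-id>` and the project id itself) is the documented one for Firebase ID tokens.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Constructed fixtures (not from the thread): a throwaway RSA key pair standing in
# for Google's published signing keys, indexed by "kid" the way a JWKS is.
SIGNING_KEY = OpenSSL::PKey::RSA.new(2048)
PUBLIC_KEYS = { 'test-kid-1' => SIGNING_KEY.public_key }.freeze
PROJECT_ID  = 'example-project' # placeholder Firebase project id
EXPECTED_ISSUER = "https://securetoken.google.com/#{PROJECT_ID}"

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# Mints an RS256 token so the example runs offline; a real token comes from the client.
def mint_token(claims, kid: 'test-kid-1', key: SIGNING_KEY, alg: 'RS256')
  header = { 'alg' => alg, 'typ' => 'JWT', 'kid' => kid }
  signing_input = "#{b64url(JSON.generate(header))}.#{b64url(JSON.generate(claims))}"
  signature = alg == 'RS256' ? key.sign(OpenSSL::Digest.new('SHA256'), signing_input) : ''
  "#{signing_input}.#{b64url(signature)}"
end

# Pulls the bare token out of an "Authorization: Token token=..." (or Bearer) header.
# Rails' HttpAuthentication::Token already unquotes the value; doing it here as well
# covers the quoted-token mistake from the thread when the header is parsed by hand.
def extract_token(header_value)
  m = header_value.to_s.match(/\A\s*(?:Token|Bearer)\s+(?:token=)?(\S+)\s*\z/i)
  return nil unless m
  token = m[1].delete('"\'')
  token.empty? ? nil : token
end

# Verifies signature and claims; returns [true, claims] or [false, reason].
def verify_id_token(token, project_id: PROJECT_ID, keys: PUBLIC_KEYS, now: Time.now.to_i)
  parts = token.to_s.split('.')
  return [false, 'malformed token'] unless parts.length == 3
  header    = JSON.parse(Base64.urlsafe_decode64(parts[0]))
  claims    = JSON.parse(Base64.urlsafe_decode64(parts[1]))
  signature = Base64.urlsafe_decode64(parts[2])
  return [false, 'malformed token'] unless header.is_a?(Hash) && claims.is_a?(Hash)
  # Pin the algorithm: the token must not get to choose "none" or an HMAC variant.
  return [false, "unexpected alg #{header['alg'].inspect}"] unless header['alg'] == 'RS256'
  key = keys[header['kid']]
  return [false, 'unknown kid'] unless key
  unless key.verify(OpenSSL::Digest.new('SHA256'), signature, "#{parts[0]}.#{parts[1]}")
    return [false, 'bad signature']
  end
  # Claim checks: a validly signed token for another project is still not ours.
  return [false, 'wrong audience'] unless claims['aud'] == project_id
  return [false, 'wrong issuer']   unless claims['iss'] == "https://securetoken.google.com/#{project_id}"
  return [false, 'expired']        unless claims['exp'].is_a?(Integer) && claims['exp'] > now
  return [false, 'missing subject'] if claims['sub'].to_s.empty?
  [true, claims]
rescue StandardError
  # Any decode or parse failure (bad base64, non-JSON segments, odd signature bytes) is a reject.
  [false, 'undecodable token']
end
```

The checks run in the order a verifier should apply them: structure, algorithm, key lookup, signature, then the claims. A token whose `aud` is some other project id fails with `wrong audience`, which is the situation the audience/client-id question in the issue is about, and a header value with quotes around the token verifies once `extract_token` has stripped them.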