Error: Firebase ID token has expired
On my server I'm seeing these errors when using firebase admin sdk .verifyIdToken()
Firebase ID token has expired. Get a fresh token from your client app and try again
Firebase ID token has "kid" claim which does not correspond to a known public key. Most likely the ID token is expired, so get a fresh token from your client app and try again. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.
On the client side I'm doing this before every request between browser <> server:
firebase.auth().currentUser.getIdToken()
It's my understanding from reading the docs that this function will get a valid, non-expired token because the SDK in the background will refresh itself as-needed. Optionally, I can pass in true to this function to force a refresh.
Why does this getIdToken() function seem to be sending expired tokens to my backend?
It seems like to resolve this my options are:
- Pass in
trueto force refresh every time I call getIdToken(). This is needlessly expensive because it will add the overhead of a whole round-trip network request from the browser <> firebase before the request from browser <> my server - call
getIdToken()the way I am now - decode the token manually on the client side, check the expiration, if it is expired then callgetIdToken(true)again to force a refresh and send that newly refreshed token to my server
Is number 2 the recommended/expected way to deal with this? It seems like something is wrong here...
Answer
The token expires after typically an hour. getIdToken will refresh the cached token if it is expired. Make sure you always call that on the client when you need to send the token to your server. If you cache the token and always send it to your backend, it will be expired at some point.
Also just in case, ensure your server clock is synchronized. It is unlikely but your clock could be out of sync for some reason.