I'm trying to verify an idToken on the backend. The user has successfully logged in to Firebase client-side, but when I try to verify the idToken on my backend I get this not very helpful error message:
Firebase Auth ID token has incorrect "aud" claim
The error message seems to have become a little more informative, and boils down to not having the project name in the auth key:
Error: Firebase ID token has incorrect "aud" (audience) claim. Expected "stripmall-0000" but got "617699194096-0aafcvsml0gke61d6077kkark051f3e1.apps.googleusercontent.com". Make sure the ID token comes from the same Firebase project as the service account used to authenticate this SDK. See https://firebase.google.com/docs/auth/server/verify-id-tokens for details on how to retrieve an ID token.
Anyone with the slightest idea what could be wrong? I receive the tokenId correctly from the client so that shouldn't be a problem. Sincere apologies if this has been asked before or is trivial in any other way.
    // Initialize the SDK with the service account of the Firebase project.
    firebase.initializeApp({
      serviceAccount: {
        "type": "service_account",
        "project_id": "<project id here>",
        "private_key_id": "<key id goes here>",
        "private_key": "<key goes here>",
        "client_email": "<email goes here>",
        "client_id": "<my client id>",
        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
        "token_uri": "https://accounts.google.com/o/oauth2/token",
        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
        "client_x509_cert_url": "<url goes here>"
      },
      databaseURL: "<my db url here>"
    });

    // Verify the ID token posted by the client and return the user's uid.
    router.post("/verify", function (req, res) {
      firebase.auth().verifyIdToken(req.body.idToken).then(function (decodedToken) {
        var uid = decodedToken.sub;
        res.send(uid);
      }).catch(function (error, param2) {
        console.log(error); // 'Firebase Auth ID token has incorrect "aud" claim'
        // Reject the request instead of leaving it without a response.
        res.status(401).send("Invalid ID token");
      });
    });
Your problem may be that you are trying to use the JWT token returned by one of the auth() functions like firebaseRef.auth().signInWithPopup(). These do return a JWT token, however the auth claims will likely be wrong and won't pass verification by verifyIdToken. Firebase tech support confirmed this.
You have to use the firebaseRef.auth().currentUser.getToken() function. That token will pass verification.
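To see which kind of token the client actually sent, the payload can be decoded and its aud and iss claims compared with the project ID. The following is an added example, not code from the question or the answer; the function names and sample tokens are hypothetical and constructed, and it assumes the documented Firebase ID token format, where aud is the project ID and iss is https://securetoken.google.com/<project id>.

```javascript
// Diagnostic only: decodes the JWT payload WITHOUT checking the signature.
// Never authorize on this result; verifyIdToken() remains the real check.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) {
    throw new Error("not a compact JWT (expected 3 dot-separated segments)");
  }
  // Node's "base64" decoder also accepts the URL-safe alphabet used by JWTs.
  return JSON.parse(Buffer.from(parts[1], "base64").toString("utf8"));
}

// Classify a token by its aud/iss claims relative to the Firebase project ID.
function classifyIdToken(token, projectId) {
  const { aud, iss } = decodeJwtPayload(token);
  if (aud === projectId && iss === "https://securetoken.google.com/" + projectId) {
    return { kind: "firebase-id-token", aud, iss };
  }
  if (typeof aud === "string" && aud.endsWith(".apps.googleusercontent.com")) {
    // Audience is an OAuth client ID: a Google sign-in token, not a Firebase one.
    return { kind: "google-oauth-id-token", aud, iss };
  }
  return { kind: "other", aud, iss };
}

// Builds a constructed, unsigned sample token (the third segment is a dummy).
function makeSample(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return [enc({ alg: "RS256", typ: "JWT" }), enc(payload), "c2ln"].join(".");
}

// Constructed samples: the project name is the one shown in the error message,
// the OAuth client ID is a placeholder.
const PROJECT_ID = "stripmall-0000";
const firebaseSample = makeSample({
  aud: PROJECT_ID, iss: "https://securetoken.google.com/" + PROJECT_ID, sub: "uid-1",
});
const googleSample = makeSample({
  aud: "0000000000-example.apps.googleusercontent.com",
  iss: "https://accounts.google.com", sub: "1",
});

console.log(classifyIdToken(firebaseSample, PROJECT_ID).kind);
console.log(classifyIdToken(googleSample, PROJECT_ID).kind);
```

A result of google-oauth-id-token corresponds to the "aud" error quoted in the question: the audience is an OAuth client ID rather than the Firebase project.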