Reputation: 241
I'm trying to set up custom auth with the new firebase sdk from google following those guidelines :
In the samble code it says :
Get your service account's email address and private key from the JSON key file
Unfortunately I have not idea where to get this json file. If I go to my firebase console ( I manage to donwload a json file but it does not contain any email adress and private key.
I managed to find a json file that contains an email adress and a private key in my google cloud platform console ( by goind into the "API Manager > Credentials" menu. Surprisingly my firebase app was showed there. I copy and pasted the email and key into the sample code, then I got this error :
Warning: openssl_sign(): supplied key param cannot be coerced into a private key in /volume1/web/yeti/vendor/firebase/php-jwt/src/JWT.php on line 183 Fatal error: Uncaught exception 'DomainException' with message 'OpenSSL unable to sign data' in /volume1/web/yeti/vendor/firebase/php-jwt/src/JWT.php:185 Stack trace: #0 /volume1/web/yeti/vendor/firebase/php-jwt/src/JWT.php(154): Firebase\JWT\JWT::sign('eyJ0eXAiOiJKV1Q...', NULL, 'RS256') #1 /volume1/web/yeti/jwt.php(21): Firebase\JWT\JWT::encode(Array, NULL, 'RS256') #2 /volume1/web/yeti/jwt.php(24): create_custom_token('1234', false) #3 {main} thrown in /volume1/web/yeti/vendor/firebase/php-jwt/src/JWT.php on line 185
Does someone has an idea of what I'm doing wrong ?
Upvotes: 8
Views: 15408
Reputation: 785
I was having the same problem. After reading @Jean-Philippe answer I was able to generate the token using HS256
instead of RS256
. But this was resulting in an invalid token every time even after changing credentials.
Using to debbug it, everything was correct but still getting invalid token from firebase.auth().signInWithCustomToken(token).catch(function (error) {}
After searching in github I found this issue. So I used double quotes instead of single quotes in $private
and it worked with RS256
use \Firebase\JWT\JWT;
$service_account_email = env('ACCOUNT_EMAIL');
$private_key = env('ACCOUNT_SECRET');
class generateToken
public static function generateNewToken($mysqli, $userID, $email)
global $service_account_email, $private_key;
$name = '';
$lastname = '';
$hostOption = '';
$now_seconds = time();
$selectUserData = "SELECT username, lastname, hostOption FROM signup WHERE id = ? ";
$stmt = $mysqli->prepare($selectUserData);
$stmt->bind_param('i', $userID);
$stmt->bind_result($name, $lastname, $hostOption);
$payload = array(
"iss" => $service_account_email,
"sub" => $service_account_email,
"aud" => "",
"iat" => $now_seconds,
"exp" => $now_seconds + (60 * 60), // Maximum expiration time is one hour
"uid" => strval($userID),
"claims" => array(
"username" => $name,
"lastname" => $lastname,
"email" => $email,
"hostOption" => $hostOption,
return JWT::encode($payload, $private_key, 'RS256');
$vars = [
'ACCOUNT_EMAIL' => "[email protected]",
foreach($vars as $key => $value){
lindelius commented on 7 Aug 2018 •
The reason is because the key contains new-line characters (\n) which are incorrectly handled when used within single-quotes, i.e. they are treated as the characters "\n" rather than actual new lines.
Upvotes: 1
Reputation: 1252
instead of
$key = 'giant_key_goes_here';
token = JWT::encode($payload, $key, 'RS256');
token = JWT::encode($payload, FIREBASE_PRIVATE_KEY, 'RS256');
Upvotes: -1
Reputation: 379
Did you find the solution ? Still experiencing the same issue ! Works with HS256 and doesn't with RS256. Is it google cloud kind of limitation ?
Thank you so much ! @dbburgess
Problem: Was using the wrong key and email. These should be generated in the Google Cloud credentials section that corresponds to the Firebase project.
Fill the values:
$service_account_email = "[email protected]"; $private_key = "-----BEGIN PRIVATE KEY-----\nSoneVeryVeryLongKey=\n-----END PRIVATE KEY-----\n"; $uid = 'UserToUseInFirebaseRules'; $is_premium_account = $uid;
You shouldn't need to change anything in the "create_custom_token" function, maybe the expiration date/time according to your needs.
Then call the function:
create_custom_token($uid, $is_premium_account);
Upvotes: 8
Reputation: 761
This is what I'm doing, and it works fine. What you provide in the claims
array is what shows up on auth
in the security rules. The email and key come from the json file you get when you create a service account (see: Before you begin section).
$userId = '1234';
$email = '[email protected]';
$key = 'giant_key_goes_here';
$payload = [
'iss' => $email,
'sub' => $email,
'aud' => '',
'iat' => time(),
'exp' => time() + 60 * 60,
'uid' => $userId,
'claims' => [
'uid' => $userId,
$token = JWT::encode($payload, $key, 'RS256');
It's worth noting, the format on the keys is a little tricky...Your key will look something like this (just an example key):
You may need to do a little fancy formatting, this is essentially what I did:
$key = "-----BEGIN PRIVATE KEY-----\nMIICXAIBAAKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUp\nwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ5\n1s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQABAoGAFijko56+qGyN8M0RVyaRAXz++xTqHBLh\n3tx4VgMtrQ+WEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2\npIIVOFMDG+KESnAFV7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55/mbSYxECQQDeAw6fiIQX\nGukBI4eMZZt4nscy2o12KyYner3VpoeE+Np2q+Z3pvAMd/aNzQ/W9WaI+NRfcxUJrmfPwIGm63il\nAkEAxCL5HQb2bQr4ByorcMWm/hEP2MZzROV73yF41hPsRC9m66KrheO9HPTJuo3/9s5p+sqGxOlF\nL0NDt4SkosjgGwJAFklyR1uZ/wPJjj611cdBcztlPdqoxssQGnh85BzCj/u3WqBpE2vjvyyvyI5k\nX6zk7S0ljKtt2jny2+00VsBerQJBAJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2epl\nU9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ\n37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ4p0=\n-----END PRIVATE KEY-----\n";
Note the line breaks are turned into \n
, and it is all smushed onto one line. There are various ways of accomplishing it, but...Based on the error you got, something like this may be the problem.
Upvotes: 5
Reputation: 241
Found my self what was wrong ! The sample php code from the documentation is buggy. Instead of
return JWT::encode($payload, $private_key, "RS256");
return JWT::encode($payload, $private_key, "HS256");
Edit :
Actually, it was just the sample php code from google firebase doc that was completely buggy. it was passing an empty key to php-jwt. Looks like they updated it today and it's working fine :)
Upvotes: 4