google/apiclient: Signature Verification Failed

Question

I have followed these instructions to use Android sign-in on my backend server.

The Android sign-in works, and I'm getting an id token with my server client ID:

// Configure sign-in to request the user's ID, email address, and basic
// profile. ID and basic profile are included in DEFAULT_SIGN_IN.
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
        .requestIdToken(getString(R.string.server_client_id))
        .build();

// Build a GoogleApiClient with access to the Google Sign-In API and the
// options specified by gso.
mGoogleApiClient = new GoogleApiClient.Builder(this)
        .enableAutoManage(this /* FragmentActivity */, this /* OnConnectionFailedListener */)
        .addApi(Auth.GOOGLE_SIGN_IN_API, gso)
        .build();

mGoogleSignIn.setSize(SignInButton.SIZE_STANDARD);
mGoogleSignIn.setOnClickListener(new View.OnClickListener() {
    @Override
    public void onClick(View v) {
        Intent signInIntent = Auth.GoogleSignInApi.getSignInIntent(mGoogleApiClient);
        startActivityForResult(signInIntent, REQUEST_CODE_SIGN_IN);
    }
});

This token is sent to my backend server as a POST request (code not relevant: it works).

Then the server (a symfony backend) uses google/apiclient to authenticate the user once more in order to validate the user ID and fetch user information in the backend database:

// Get token from user
$id_token = $request->get('id_token');

// Validate token
try {
    $options = [
        'client_id' => $this->container->getParameter('google_app_id')
    ];
    $client = new \Google_Client($options);
    $payload = $client->verifyIdToken($id_token);
    if ($payload) {
        $user = $this->getDoctrine()
                    ->getRepository(User::class)
                    ->findOneBy(['googleId' => $payload['sub']]);
        if ($user != null) {
            $data = [
                'client_id' => $user->getClient()->getClientId(),
                'client_secret' => $user->getClient()->getSecret(),
            ];
        } else {
            $data = [
                'error' => 'Unknown user',
                'message' => 'Please create an account first',
            ];
        }
    } else {
        $data = [
            'error' => 'Invalid token',
        ];
    }
} catch (\Exception $e) {
    $data = [
        'error' => 'Invalid token',
        'details' => $e->getMessage(),
    ];
}

The exception is raised and the message is Signature Verification Failed.

I couldn't find the reason for this message after some research online. What is causing this? The same code on the backend used to work, I just changed a few things on Android side but not related to Google Sign In.

Answer 1

I tried again this morning with the exact same code and it worked like a charm. I guess it was a temporary failure on Google side (didn't expect that!).

I wanted to understand more the error message rather than the error in my code (there wasn't any!) so if someone has a clearer explanation I'll accept their answer.