Reputation: 520
Firebase's idTokens unknown kid
I am making a NodeJS application using Firebase for authentication. My goal is to verify/validate the issued JWT idTokens.
I got to the point where I do have idTokens returned on:
- Sign Up REST Endpoint
- Sign In Rest Endpoint
I also have the official endpoint returning public certificates, as well as the undocumented one returning the JWKs:
- https://www.googleapis.com/service_accounts/v1/metadata/x509/[email protected]
- https://www.googleapis.com/service_accounts/v1/jwk/[email protected]
Verifying the token from 1) "Sign Up REST Endpoint" against the public keys and jwks is good. Verifying the token from 2) "Sign In REST Endpoint" gave error for missing key.
- is returning "kid": "dc37d59365c6228b8ccdaca5360ac24d0415c1ea"
- is returning "kid": "tB0M2A".
"kid": "tB0M2A" is not being returned either in the public keys nor in the jwks endpoints.
Has anyone faced similar issues and does anyone have knowledge where the public keys for validating the sign in idToken are coming from?
Upvotes: 0
Views: 225
Answers (1)
Reputation: 520
It turned out that there is additional body parameter returnSecureToken that should be passed in the request.
Now the Firebase API returns tokens with valid IDs that can be verified by third-party JWT libraries.
Upvotes: 0
Related Questions
- Firebase ID token has invalid signature even on jwt
- Firebase 3.0 Tokens : [Error: Firebase Auth ID token has no "kid" claim]
- Obtaining/using Firebase JWT
- remove data from Firebase ID token
- error retrieving user Id token assigned by firebase in the client side
- Firebase 3.0 Tokens : [Error: Invalid claim 'kid' in auth header.]
- Firebase IOS idToken invalid `kid` Exception in backend while `verifyIdToken` in Gmail Auth
- How to make auth.uid and database child key equal in firebase?
- Firebase auth with custom token gives null uid
- Firebase REST API key management