Comments (3)
cfanpnk
commented on August 21, 2024
4
I spent almost a week on this issue. It turns out this is caused by the expired token. If the token is expired, the kid from the JWT header somehow will return a value that doesn't exist in the public keys (https://www.googleapis.com/robot/v1/metadata/x509/[email protected]).
The only reason I can figure this out is by looking at how firebase admin sdk is implemented in other languages: https://github.com/firebase/firebase-admin-node/blob/5d72c1b40ef9383060d500e4f08678cb37ab8c0e/src/auth/token-verifier.ts#L237
Notice that if kid doesn't exist in public keys, the error message will say something like Most likely the token is expired
So here is my solution:
- Use
verify!to raise an exception - Rescue
FirebaseIdToken::Exceptions::CertificateNotFoundand return 401 - The client app will refresh the token if expired
Hope this can help other people who ran into this issue. Firebase really needs to document this well.
from firebase_id_token.
pierrea
commented on August 21, 2024
I'm not sure if the private_key issue is relevant to the first issue of receiving nil when attempting to verify a token. What exactly are you doing when verifying the token?
from firebase_id_token.
fschuindt
commented on August 21, 2024
I've added explanations about this on the README. Thank you, folks!
from firebase_id_token.
Related Issues (20)
- redis_cache_store conflict HOT 7
- I want to write a test easily HOT 1
- Add test mode document HOT 2
- Fix the Code Climate test coverage report HOT 6
- Have to sleep in order for verify to work HOT 17
- Difficulties to run tests HOT 1
- Error calling FirebaseIdToken.test! on 2.3.1 HOT 4
- Running the gem without Redis? HOT 3
- Verifying payload['email_verified']
- Dynamic Project Ids HOT 1
- redis should not initiated on configuration HOT 2
- unable to decode a valid token (used for firebase google sign in) HOT 1
- New caching doesn't honor request! calls HOT 6
- Doc suggestion for tests HOT 1
- [Feature] Support decoding unsigned tokens from firebase emulator HOT 2
- SSL_connect Failure for Heroku Redis 6 Premium HOT 2
- Rather than auto update certs, or a cron job. consider Rails.cache.fetch? HOT 13
- [advice] redis fatal HOT 4
- FirebaseIdToken::Signature.verify(token) returns nil for newly issued tokens HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from firebase_id_token.