Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot verify custom token #169

Closed
aspelund opened this issue Feb 20, 2018 · 3 comments
Closed

Cannot verify custom token #169

aspelund opened this issue Feb 20, 2018 · 3 comments

Comments

@aspelund
Copy link

1. Which version of kreait/firebase-php are you using?

3.9.3

2. Which version of PHP are you using?

PHP 7.0.25-0ubuntu0.16.04.1 (cli) ( NTS )

3. What's the issue?

Tokens created using createCustomToken cannot be verified using verifyIdToken. Error message is The header "kid" is missing.

Googling about the header kid it seems as if that one is actually an optional part of the token. (http://self-issued.info/docs/draft-jones-json-web-token-01.html#ReservedHeaderParameterName).

4. Code that lead to the issue

// Code to create token:
    	$auth = $firebase->getAuth();
    	$uid = $user->id;
    	$claims = ['foo' => 'bar'];

    	$date = new DateTime();
		$date->add(new DateInterval('P1Y'));		
    	$customToken = $auth->createCustomToken($uid, $claims, $date);

// Code to verify token (this breaks)
        $token = $auth->verifyIdToken($jwt);
@jeromegamez
Copy link
Member

That's correct, you cannot verify a custom token, that's why I named the methods so clearly 😅.

Custom Tokens are to be exchanged for an ID token by sending them to the Firebase REST API which will send an ID token back, which then can be verified.

Custom Token != ID Token

See also https://firebase-php.readthedocs.io/en/stable/authentication.html#verify-a-firebase-id-token :

@MGParisi
Copy link
Contributor

How do we get the idTokenString?

@lock
Copy link

lock bot commented Mar 15, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Mar 15, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jeromegamez @aspelund @MGParisi