I am trying to verify Id Token sent by android client app on my java server using firebase admin sdk. I followed
FirebaseOptions options = new FirebaseOptions.Builder()
.setServiceAccount(sce.getServletContext().getResourceAsStream("/WEB-INF/serviceAccountKey.json"))
.setDatabaseUrl("https://[project-id].firebaseio.com/")
.build();
FirebaseApp.initializeApp(options);
FirebaseToken decodedToken = FirebaseAuth.getInstance().verifyIdTokenAsync(idToken).get();
String uid = decodedToken.getUid();
Retrive ID token from Android client
mAuth.signInAnonymously()
.addOnCompleteListener(this, new OnCompleteListener<AuthResult>() {
@Override
public void onComplete(@NonNull Task<AuthResult> task) {
if (task.isSuccessful()) {
final FirebaseUser user = mAuth.getCurrentUser();
user.getIdToken(true).addOnCompleteListener(new OnCompleteListener<GetTokenResult>() {
@Override
public void onComplete(@NonNull Task<GetTokenResult> task) {
String token = task.getResult().getToken();
Log.e(TAG,"signInAnonymously:success : onComplete : "+token);
callApi(token);
}
});
} else {
// If sign in fails, display a message to the user.
Toast.makeText(SignIn.this, "Authentication failed.",
Toast.LENGTH_SHORT).show();
}
}
});
Getting exception on server
com.google.firebase.auth.FirebaseAuthException: Firebase ID token isn't signed by a valid public key. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token. at com.google.firebase.auth.internal.FirebaseTokenVerifier.verifyTokenAndSignature(FirebaseTokenVerifier.java:147) at com.google.firebase.auth.FirebaseAuth$2.call(FirebaseAuth.java:223) at com.google.firebase.auth.FirebaseAuth$2.call(FirebaseAuth.java:211) at com.google.firebase.tasks.Tasks$1.run(Tasks.java:82) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748)