How to verify custom Firebase Auth Token, created by createCustomToken()

5
votes

I created custom Auth Token via createCustomToken(), see https://firebase.google.com/docs/auth/admin/create-custom-tokens.

But later on when I try to verify this token via verifyIdToken() function it throws following error

Error: verifyIdToken() expects an ID token, but was given a custom token. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.

Which is rational, because there is no such ID... But what I need - is to simply verify the token, similar to jwt.verify()...

Has anyone came across this problem and what solution was found? Is it possible to verify Firebase auth token via jsonwebtoken library?

P.S. I am gonna use verification in Google Cloud Function endpoints

SOLUTION: Looks like I just found a solution https://firebase.google.com/docs/auth/admin/verify-id-tokens#verify_id_tokens_using_a_third-party_jwt_library Just need to grap public key from https://www.googleapis.com/robot/v1/metadata/x509/[email protected] and use jsonwebtoken library to verify it...

1
firebasefirebase-authenticationgoogle-cloud-functions

1 Answers

2
votes

verifyIdToken like the name is to verify IdToken, not custom token.

CustomToken is for client to sign in. This custom token can be verify using simple JWT verification like your solution (it expire after one hour).

But the IdToken is another story, you need to do sign in process using firebase auth.

To Get The Id Token from client after signIn, it's depend whether the client is Android, Web, or IOS. The code to get the IdToken can be read in this section