Firebase 身份验证 ID 令牌的“aud"不正确宣称 [英] Firebase Auth ID token has incorrect "aud" claim

问题描述

我正在尝试验证 idToken 后端.用户已成功登录到 firebase 客户端，但是当我尝试在后端验证 idToken 时，我收到了这条不太有用的错误消息

I'm trying to verify an idToken backend. The user has successfully logged in to firebase client side but when I try to verify the idToken on my backend I get this not very helpful error message

Firebase 身份验证 ID 令牌的aud"声明不正确

Firebase Auth ID token has incorrect "aud" claim

错误消息似乎变得更有用了，归结为在 auth 键中没有项目名称:

The error message seems to have become a little more informative, and boils down to not having the project name in the auth key:

错误:Firebase ID 令牌的aud"(受众)声明不正确.预期stripmall-0000"但得到617699194096-0aafcvsml0gke61d6077kkark051f3e1.apps.googleusercontent.com".确保 ID 令牌来自与用于验证此 SDK 的服务帐户.看https://firebase.google.com/docs/auth/server/verify-id-tokens 用于有关如何检索 ID 令牌的详细信息.

Error: Firebase ID token has incorrect "aud" (audience) claim. Expected "stripmall-0000" but got "617699194096-0aafcvsml0gke61d6077kkark051f3e1.apps.googleusercontent.com". Make sure the ID token comes from the same Firebase project as the service account used to authenticate this SDK. See https://firebase.google.com/docs/auth/server/verify-id-tokens for details on how to retrieve an ID token.

任何人都知道可能出了什么问题?我从客户端正确地收到了 tokenId，所以这应该不是问题.如果之前有人问过这个问题或者在任何其他方面是微不足道的，那么真诚的道歉.

Anyone with the slightest idea what could be wrong? I receive the tokenId correctly from the client so that shouldn't be a problem. Sincere appologies if this has been asked before or is trivial in any other way.

  firebase.initializeApp({
        serviceAccount: {
            "type": "service_account",
            "project_id": <project id here>,
            "private_key_id": <key id goes here>,
            "private_key": <key goes here>
            "client_email": <email goes here>,
            "client_id": <my client id>,
            "auth_uri": "https://accounts.google.com/o/oauth2/auth",
            "token_uri": "https://accounts.google.com/o/oauth2/token",
            "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
            "client_x509_cert_url": <url goes here>
        },
        databaseURL: <my db url here>
    });

    router.post("/verify", function (req, res) {
        firebase.auth().verifyIdToken(req.body.idToken).then(function (decodedToken) {
            var uid = decodedToken.sub;
            res.send(uid);
        }).catch(function (error, param2) {
            console.log(error);  // 'Firebase Auth ID token has incorrect "aud" claim'
        });

    });

推荐答案

您的问题可能是您正在尝试使用 auth() 函数之一返回的 JWT 令牌，例如 firebaseRef.auth().signInWithPopup().这些确实会返回一个 JWT 令牌，但是 auth 声明可能是错误的，并且不会通过 verifyIdToken 的验证.Firebase 技术支持证实了这一点.

Your problem may be that you are trying to use the JWT token returned by one of the auth() functions like firebaseRef.auth().signInWithPopup(). These do return a JWT token, however the auth claims will likely be wrong and won't pass verification by verifyIdToken. Firebase tech support confirmed this.

您必须使用 firebaseRef.auth().currentUser.getToken() 函数.该令牌将通过验证.

You have to use the firebaseRef.auth().currentUser.getToken() function. That token will pass verification.

这篇关于Firebase 身份验证 ID 令牌的“aud"不正确宣称的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！