3

I'm trying to play with the firebase admin sdk for python for making custom tokens and verify those while testing my app. Problem is that while I try to verify the token I always get such an error:

ValueError: Firebase ID token has incorrect "aud" (audience) claim. Expected "my_project_id" but got "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit". Make sure the ID token comes from the same Firebase project as the service account used to authenticate this SDK. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.

I followed the guide to create the app and making the tokens:

import firebase_admin
from firebase_admin import auth, credentials

cred = credentials.Certificate('/path/to/file.json')
app = firebase_admin.initialize(cred)
custom_token = auth.create_custom_token('some-uid', app=app)
auth.verify_id_token(custom_token, app=app)

and here I get the error. It seems that _TokenGenarator is initialised with the defaults that are coming back from the error. I thought when passing the app it should automatically change those but it's not happening. Am I missing something?

Improve this question

2 Answers 2

Reset to default
8

verify_id_token() only accepts ID tokens. Custom tokens do not fall into that category. See this test case. Raising a ValueError is the expected behavior in this case.

ID tokens can be obtained from a client SDK. You can exchange a custom token for an ID token by calling one of the provided signInWithCustomToken() methods.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Signing in with custom tokens: firebase.google.com/docs/auth/admin/…
So signInWithCustomToken() is not available in python right? Is it only available in mobile development?
Right. It's not available in any of the Admin SDKs.
Would using Swift work to access firebase on desktop through tokens work? I see swift can be used on windows and aws too, and the token signin is available in the firebase-ios-sdk.
0

You can use REST API endpoint to exchange you custom token to id token https://cloud.google.com/identity-platform/docs/use-rest-api

Improve this answer

1 Comment

Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.