问题
I created custom Auth Token via createCustomToken(), see https://firebase.google.com/docs/auth/admin/create-custom-tokens.
But later on when I try to verify this token via verifyIdToken() function it throws following error
Error: verifyIdToken() expects an ID token, but was given a custom token. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.
Which is rational, because there is no such ID... But what I need - is to simply verify the token, similar to jwt.verify()...
Has anyone came across this problem and what solution was found? Is it possible to verify Firebase auth token via jsonwebtoken library?
P.S. I am gonna use verification in Google Cloud Function endpoints
SOLUTION: Looks like I just found a solution https://firebase.google.com/docs/auth/admin/verify-id-tokens#verify_id_tokens_using_a_third-party_jwt_library Just need to grap public key from https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com and use jsonwebtoken library to verify it...
回答1:
verifyIdToken like the name is to verify IdToken, not custom token.
CustomToken is for client to sign in. This custom token can be verify using simple JWT verification like your solution (it expire after one hour).
But the IdToken is another story, you need to do sign in process using firebase auth.
To Get The Id Token from client after signIn, it's depend whether the client is Android, Web, or IOS.
The code to get the IdToken can be read in this section
来源:https://stackoverflow.com/questions/54630909/how-to-verify-custom-firebase-auth-token-created-by-createcustomtoken