I can’t get the validation of a Google Firebase Authentication ID to work. It returns the exception: Fatal error: Uncaught Exception: Invalid token signature!
I’ve made a login using Firebase Authentication (JavaScript) and now I want to pass on the ID to a server (PHP) and validate the ID within the script (to make sure someone is logged in).
For this I need to use the JWT library (which seems to be working).
Maybe I’m using the wrong key / not looping through it properly, but I ran out of options to try… The code contains an example token I try to validate.
<?php
require_once("Firebase/JWT/Key.php");
require_once("Firebase/JWT/JWTExceptionWithPayloadInterface.php");
require_once("Firebase/JWT/ExpiredException.php");
require_once("Firebase/JWT/SignatureInvalidException.php");
require_once("Firebase/JWT/BeforeValidException.php");
require_once("Firebase/JWT/JWT.php");
use Firebase\JWT\Key;
use Firebase\JWT\JWTExceptionWithPayloadInterface;
use Firebase\JWT\ExpiredException;
use Firebase\JWT\SignatureInvalidException;
use Firebase\JWT\BeforeValidException;
use Firebase\JWT\JWT;
$publicKeyURL = 'https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com';
$key = json_decode(file_get_contents($publicKeyURL), true);
$token = "eyJhbGciOiJSUzI1NiIsImtpZCI6IjUyNmM2YTg0YWMwNjcwMDVjZTM0Y2VmZjliM2EyZTA4ZTBkZDliY2MiLCJ0eXAiOiJKV1QifQ.eyJuYW1lIjoiUm9sZiBCcm9lciIsImlzcyI6Imh0dHBzOi8vc2VjdXJldG9rZW4uZ29vZ2xlLmNvbS9zd2lwZS01YWQ5NCIsImF1ZCI6InN3aXBlLTVhZDk0IiwiYXV0aF90aW1lIjoxNzA0NDQ4NjYyLCJ1c2VyX2lkIjoicDNIbnBMOVo5UWVqOXdjajBtY0tITGxuYmh6MSIsInN1YiI6InAzSG5wTDlaOVFlajl3Y2owbWNLSExsbmJoejEiLCJpYXQiOjE3MDQ0NDk5MDAsImV4cCI6MTcwNDQ1MzUwMCwiZW1haWwiOiJyb2xmYnJvZXJAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJmaXJlYmFzZSI6eyJpZGVudGl0aWVzIjp7ImVtYWlsIjpbInJvbGZicm9lckBnbWFpbC5jb20iXX0sInNpZ25faW5fcHJvdmlkZXIiOiJwYXNzd29yZCJ9fQ.CrHpVyacsFbqMwrcl1vgWCi4x3M3zlyplyG-amplQuilwBHRAxh4V0GKJh9cVfcPd3w_iw40a_MPmhN0aBwkx0Pg4XwVjnArr0-f8Kwj4OosGo3J0d28LGpVjbk0wlyw9EwG4MGTTbXhvzUkHKEatPpTUX9Ly_8MEvs1msojXRG2bWIFHEfgQuAiN5aWW2-uYpRbAuZ2H02OuYNTKeH26Ok6s6lzf7Gcpy_kAE5WO_p7PRDTiWg2BZAjjuCvfEtAmELPzia9SEr3oLWJfdiiet4G28KJA1jTJb5qvfQzPvcRTWzvJrQevYdQbROP0POF-Jsl3jA979JUq1CwBQWzmA";
validate($token, $key);
function validate($jwt_token, $keyData) {
    $algorithm = array('RS256');
    try {
        // Select a specific key from the array
        $selectedKey = current($keyData);
        // Create an instance of Firebase\JWT\Key
        $key = new \Firebase\JWT\Key($selectedKey, 'RS256');
        // Convert $algorithm to an object as the third argument
        $algorithmObject = (object) $algorithm;
        return JWT::decode($jwt_token, $key, $algorithmObject);
    } catch (ExpiredException $e) {
        throw new Exception('Token expired!');
    } catch (SignatureInvalidException $e) {
        throw new Exception('Invalid token signature!');
    } catch (BeforeValidException $e) {
        throw new Exception('Token not valid yet!');
    } catch (Exception $e) {
        throw new Exception('Invalid token!');
    }
}
?>
I’ve tried to use the API key and the project ID instead of the current public keys, but those don’t seem to be correct either.
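An added example, not part of the original post: the header of the token above carries a `kid`, and Google's endpoint returns a map of certificates keyed by that id, so the verification key has to be looked up by `kid` rather than taken with `current()`. The sketch uses plain `ext-openssl` with locally generated keys; the key ids `kid-a`/`kid-b`, the claims and all function names are constructed for illustration.

```php
<?php
// Added example, not the poster's code. Keys and token are constructed locally.
function b64u(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}
function b64u_dec(string $s): string {
    $s = strtr($s, '-_', '+/');
    return (string) base64_decode(str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '='), true);
}
// Stand-in for the key endpoint: one RSA key pair per kid.
function make_keyset(array $kids): array {
    $set = [];
    foreach ($kids as $kid) {
        $priv = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
        $set[$kid] = ['priv' => $priv, 'pub' => openssl_pkey_get_details($priv)['key']];
    }
    return $set;
}
function sign_rs256(array $claims, string $kid, $priv): string {
    $input = b64u(json_encode(['alg' => 'RS256', 'kid' => $kid, 'typ' => 'JWT'])) . '.' . b64u(json_encode($claims));
    openssl_sign($input, $sig, $priv, OPENSSL_ALGO_SHA256);
    return $input . '.' . b64u($sig);
}
// Verify against one PEM key; the algorithm is pinned, never read from the token.
function verify_with(string $jwt, string $pem): bool {
    [$h, $p, $s] = explode('.', $jwt);
    return openssl_verify("$h.$p", b64u_dec($s), $pem, OPENSSL_ALGO_SHA256) === 1;
}
// Look the key up by the header's kid; unknown kid or unexpected alg is a rejection.
function verify_by_kid(string $jwt, array $pems): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    $header = json_decode(b64u_dec($parts[0]), true);
    $kid = $header['kid'] ?? null;
    if (($header['alg'] ?? null) !== 'RS256' || !is_string($kid) || !isset($pems[$kid])) return null;
    if (!verify_with($jwt, $pems[$kid])) return null;
    return json_decode(b64u_dec($parts[1]), true);
}

$set  = make_keyset(['kid-a', 'kid-b']);              // constructed key ids
$pems = array_map(fn($k) => $k['pub'], $set);         // kid => PEM, like the endpoint's map
$jwt  = sign_rs256(['sub' => 'user-1', 'aud' => 'example-project'], 'kid-b', $set['kid-b']['priv']);

var_dump(verify_with($jwt, current($pems)));   // first key in the map, as in the question
var_dump(verify_by_kid($jwt, $pems) !== null); // key selected by the token's kid
```

A valid signature is only the first check: the `exp`, `aud` (the Firebase project ID) and `iss` claims still need to be validated before the token is trusted.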