com.google.firebase.auth.FirebaseAuthException:令牌不适用于此应用

时间:2016-11-17 07:20:16

标签: firebase firebase-authentication

我正在尝试在服务器中生成自定义令牌,然后验证它。我想在我的应用程序中重用Firebase身份验证令牌以实现api安全性。

仅用于测试我有从Firebase文档获得的此代码。 Creating Custom TokenVerifying ID Token

FirebaseOptions options = new FirebaseOptions.Builder()
        .setServiceAccount(sce.getServletContext().getResourceAsStream("/WEB-INF/serviceAccountKey.json"))
        .setDatabaseUrl("https://[project-id].firebaseio.com/")
        .build();

FirebaseApp.initializeApp(options);

final AtomicBoolean done = new AtomicBoolean(false);

FirebaseAuth.getInstance().createCustomToken("the-great-uid")
        .addOnSuccessListener(new OnSuccessListener<String>() {
            @Override
            public void onSuccess(String customToken) {

                FirebaseAuth.getInstance().verifyIdToken(customToken)
                        .addOnFailureListener(new OnFailureListener() {
                            @Override
                            public void onFailure(Exception excptn) {
                                LOG.log(Level.SEVERE, "fail verification", excptn);
                                done.set(true);
                            }
                        })
                        .addOnSuccessListener(new OnSuccessListener<FirebaseToken>() {
                            @Override
                            public void onSuccess(FirebaseToken decodedToken) {
                                String uid = decodedToken.getUid();
                                LOG.log(Level.INFO, "SUCCESS VERIFICATION: ");
                                LOG.log(Level.INFO, "UUDI: {0}", uid);
                                done.set(true);
                            }

                        });

                LOG.log(Level.INFO, "Custom token: {0}", customToken);
                done.set(true);
            }
        });

while (!done.get());

我得到了什么:

[INFO] INFO: Custom token: eyJhbGciOiJSUzI1NiJ9.eyJ******
[INFO] After custom token
[INFO] Nov 17, 2016 3:15:27 PM com.adslide.backend.listeners.AdslideContextListener$1$2 onFailure
[INFO] com.google.firebase.auth.FirebaseAuthException: Token is not for this app
[INFO]  at com.google.firebase.auth.internal.FirebaseTokenVerifier.verifyTokenAndSignature(FirebaseTokenVerifier.java:52)
[INFO]  at com.google.firebase.auth.FirebaseAuth$1.call(FirebaseAuth.java:150)
[INFO]  at com.google.firebase.auth.FirebaseAuth$1.call(FirebaseAuth.java:144)
[INFO]  at com.google.firebase.tasks.Tasks$1.run(Tasks.java:63)
[INFO]  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[INFO]  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[INFO]  at com.google.appengine.tools.development.BackgroundThreadFactory$1$1.run(BackgroundThreadFactory.java:60)

我错过了什么吗?我正在使用Google Appengine ..请假设我提供了正确的project-idserviceAccountKey.json

1 个答案:

答案 0 :(得分:4)

因为没有人试过这一次。对于可能在这个问题中遇到过的人,我想分享我发现的内容。

我刚刚错过了Firebase documentation中的警告。

  

警告:Firebase管理SDK中包含的ID令牌验证方法旨在验证来自客户端SDK的ID令牌,而不是您使用管理SDK创建的自定义令牌。有关详细信息,请参阅Auth令牌。

这只意味着我上面所做的是无效的,因为我只是验证了由Admin SDK生成的令牌。