Firebase 3: Server authentication in iOS - ios

In the old Firebase, I used to be able to authenticate in iOS using the server method, in which a secret is generated on the Firebase website and signInWithCustomToken is used to sign in with full admin privilege.
Can this still be done with the new Firebase? I can't seem to find a way to. The same function and secret would return this error:
Error Domain=FIRAuthErrorDomain Code=17000 "The custom token format is incorrect..."

Related

Firebase ID token - JWT::VerificationError Exception: Signature verification raised

I am validating the Firebase ID token in Ruby on Rails with the library "firebase_id_token".
Once I get the valid token from the front-end with the google_sign_in library and send it to the backend, it always fails with "JWT::VerificationError (Signature verification raised)". I have checked it in jwt.io, where I could see the payload and header information, but I was unable to verify the signature.
firebase_id_token.rb
FirebaseIdToken.configure do |config|
  config.project_ids = ["project_id"]
  config.redis = Redis.new(host: "localhost", port: 6379)
end
FirebaseIdToken::Certificates.request
Also, I checked that the kid key is a valid one at this link:
https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com
I have been debugging the code for more than a week. Could anyone please assist with this issue?
PS: I have tested the code with a valid token and not an expired one.
Google sign-in returns an OAuth2 token, not a JWT as far as I know, and definitely not a Firebase ID token. If you are passing this Google sign-in token to your backend code, it correctly gets rejected when you try to verify it as a Firebase ID token.
To get a Firebase ID token, you need to sign-in to Firebase with the Google sign-in token (by calling signInWithCredential) and then pass the resulting Firebase ID token to your backend code.

com.google.GTLRErrorObjectDomain Code=503 in firebase Login Objective C

I have integrated Firebase authentication for login and signup.
But I am getting the below error during authentication:
com.google.GTLRErrorObjectDomain Code=503
Request Authorization Header Missing or Malformed
But when I checked in Firebase, there is already an entry for the user which I created using signup. So the login and signup are being validated, but I am getting the above 503 error.
Is there anything I am missing in the configuration of Firebase, or something required to be added in the App settings or plist?
Thanks in advance,
Aakil

Error: deleted_client while logging with Google

I am getting the below error while logging in with Google through Keycloak.
401. That’s an error.
Error: deleted_client
The OAuth client was deleted.
Request Details That’s all we know.
The application you are using has a client ID created via the Google Developers Console. The client ID in question was deleted; you're going to have to create a new client ID and recompile your application.
That is assuming this "Keycloak" is your own application. If not, then you should contact the developer of the application; they have a problem.

Getting cross client id token for AWS from Google Sign-In SDK

I'm trying to integrate Google with Amazon Cognito in an iOS application using the Google Sign-In SDK but I can't seem to figure out how to obtain the JWT id token correctly. Everything is set up correctly, I believe, as both Google Sign-In and Cognito work independently.
I am setting up the GIDSignIn like this.
[GIDSignIn sharedInstance].scopes = @[kGTLAuthScopePlusLogin, kGTLAuthScopeDrive];
[[GIDSignIn sharedInstance] setClientID:kClientID];
[[GIDSignIn sharedInstance] setServerClientID:kServerClientId];
and then to get the id_token, as specified here with the exception being that I am using Google Sign-In and not Google+ signin, which has no GTMOAuth2Authentication.
- (void)googleSignedIn:(GIDGoogleUser *) user
{
    NSLog(@"AWSManager: Google signed in, id token = %@", user.authentication.idToken);
    NSString *idToken = user.authentication.idToken;
    // Hand the Google ID token to Cognito under the Google provider key
    self.credentialsProvider.logins = @{ @(AWSCognitoLoginProviderKeyGoogle): idToken};
}
but the idToken is not a JSON-formatted web token, it is just a hunk of characters. AWS throws this error --
AWSiOSSDKv2 [Error] AWSIdentityProvider.m line:185
| __51-[AWSAbstractCognitoIdentityProvider getIdentityId]_block_invoke169
| GetId failed.
Error is [Error Domain=com.amazonaws.AWSCognitoIdentityErrorDomain Code=9
"The operation couldn’t be completed. (com.amazonaws.AWSCognitoIdentityErrorDomain error 9.)"
UserInfo=0x8fa5eb8e4e40{__type=NotAuthorizedException, message=Token is not from a supported provider of this identity pool.}]
I have no idea what I'm to do. I'm pretty new to Objective-C and have done all of this on Android before. On Android I did:
String mServerClientId = "audience:server:client_id:xxxxxxxxxx.apps.googleusercontent.com";
String token = GoogleAuthUtil.getToken(getApplicationContext(), accountName, mServerClientId);
to retrieve the tokens, but as far as I can tell there's nothing like that on iOS. I can provide more information if needed.
Thanks!
From the error it looks like the client ID is not set up correctly in the identity pool configuration. Google has different client IDs for each platform; to support multiple client IDs, you should use Cognito's support for generic OpenID Connect Identity Providers. Please follow these steps:
1. Go to the AWS IAM Console's identity provider section.
2. Create an OpenID Connect Identity Provider with provider URL as https://accounts.google.com and Audience as one of the client IDs.
3. Follow the steps to create the identity provider; later you will have an option to add additional client IDs.
4. Go to the Amazon Cognito Console.
5. Create or edit an identity pool and add the OpenID Connect identity provider to the pool. This will allow you to trust multiple client IDs.
You can follow the Cognito documentation for Google login here and OpenID connect providers here.
Additionally, the token which you are getting is actually Base64 encoded. It has three parts separated by a period:
1. The algorithm which is used.
2. The payload.
3. The signature which Cognito validates.
You can use this cool tool for decoding the tokens.
Thanks,
Rachit
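The two token threads above (the Rails `JWT::VerificationError` and the Cognito "not from a supported provider" error) both come down to which issuer and audience a token carries. The Ruby sketch below is an added example, not code from any of the posts: it decodes the three-part structure and classifies a token from its unverified claims before any signature check. The names `firebase_project_id` and `google_client_ids`, the sample client ID and the sample tokens are assumptions constructed for illustration.

```ruby
require "base64"
require "json"

# Decode one base64url JWT segment into a Hash; nil when it is not JSON.
def decode_segment(segment)
  JSON.parse(Base64.urlsafe_decode64(segment))
rescue ArgumentError, JSON::ParserError
  nil
end

# Triage a token from its UNVERIFIED header and claims: which issuer minted it
# and whether the audience is one the backend expects. Signature verification
# against that issuer's keys must still follow; this only picks the verifier.
def classify_token(token, firebase_project_id:, google_client_ids: [])
  parts = token.to_s.split(".", -1)
  return { kind: :not_a_jwt } unless parts.size == 3

  header = decode_segment(parts[0])
  claims = decode_segment(parts[1])
  return { kind: :not_a_jwt } unless header.is_a?(Hash) && claims.is_a?(Hash)

  info = { alg: header["alg"], kid: header["kid"], iss: claims["iss"], aud: claims["aud"] }
  kind =
    case claims["iss"]
    when "https://securetoken.google.com/#{firebase_project_id}"
      claims["aud"] == firebase_project_id ? :firebase_id_token : :firebase_wrong_audience
    when "https://accounts.google.com", "accounts.google.com"
      google_client_ids.include?(claims["aud"]) ? :google_id_token : :google_unlisted_audience
    else
      :unknown_issuer
    end
  info.merge(kind: kind)
end

# Build an unsigned sample token (constructed data, placeholder signature).
def constructed_token(claims)
  header = { "alg" => "RS256", "kid" => "constructed-kid" }
  [header, claims].map { |h| Base64.urlsafe_encode64(JSON.generate(h), padding: false) }
                  .push("c2ln").join(".")
end

WEB_ID = "1234-web.apps.googleusercontent.com" # hypothetical client ID
GOOGLE = constructed_token("iss" => "https://accounts.google.com", "aud" => WEB_ID)
FIREBASE = constructed_token("iss" => "https://securetoken.google.com/demo-project",
                             "aud" => "demo-project")

[GOOGLE, FIREBASE, "ya29.constructed-opaque-value"].each do |t|
  p classify_token(t, firebase_project_id: "demo-project", google_client_ids: [WEB_ID])
end
```

A result of `:google_id_token` or `:google_unlisted_audience` on a backend that expects Firebase ID tokens means the client sent the wrong kind of token, so verification against the Firebase certificate set cannot succeed.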

Youtube API NoLinkedYouTubeAccount Error

When using the YouTube API, I am getting this error:
Error Domain=com.google.GDataServiceDomain Code=403 "The operation
couldn’t be completed. (com.google.GDataServiceDomain error 403.)"
UserInfo=0x7676020 {Error=NoLinkedYouTubeAccount,
error=NoLinkedYouTubeAccount}
You receive this error since you are using Service account authentication.
The service account flow supports server-to-server interactions that do not access user information. However, the YouTube Data API does not support this flow. Since there is no way to link a Service Account to a YouTube account, attempts to authorize requests with this flow will generate a NoLinkedYouTubeAccount error.
https://developers.google.com/youtube/v3/guides/authentication
You may try to use another type of authentication, such as server-side or installed application; however, the user must allow the use of their account.
If you want to create an app which will allow different users to add videos to your own channel, then you can try the ClientLogin authentication protocol.
Look here for more info: https://developers.google.com/youtube/2.0/developers_guide_protocol_clientlogin#ClientLogin_Authentication
This protocol is deprecated, but I have not found any way to resolve the problem.
