googleapis / google-api-java-client

Google APIs Client Library for Java
Apache License 2.0

Auth: GoogleIdTokenVerifier fails to validate token from Identity Platform #2094

Open mmatloka opened 2 years ago

mmatloka commented 2 years ago

Environment details

  1. Identity Platform
  2. OS type and version:
  3. Java version: 17
  4. version(s): 1.35.1

Steps to reproduce

Hello, https://cloud.google.com/identity-platform/docs/reference/rest says that "we recommend that you use the Google-provided client libraries.", so I'm trying to leverage GoogleIdTokenVerifier to verify the accessToken generated when using Identity Platform. I use the following code:

    import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier
    import com.google.api.client.http.HttpTransport
    import com.google.api.client.http.apache.v2.ApacheHttpTransport // google-http-client-apache-v2
    import com.google.api.client.json.JsonFactory
    import com.google.api.client.json.gson.GsonFactory
    import java.util.Collections

    val transport: HttpTransport = new ApacheHttpTransport()
    val jsonFactory: JsonFactory = new GsonFactory()
    // Issuer and audience expected for Identity Platform tokens of this project
    val verifier = new GoogleIdTokenVerifier.Builder(transport, jsonFactory)
      .setIssuer("https://securetoken.google.com/<my project>")
      .setAudience(Collections.singletonList("<my project>"))
      .build

    verifier.verify("token") // always null == not verified

Verification fails because this line returns false, since it was not able to verify the signature here. When I debug and dive inside, I see that sun.security.rsa.RSASignature internally throws javax.crypto.BadPaddingException: Decryption error.

How do I obtain the token? I have used sample websites from https://github.com/firebase/firebaseui-web#starting-the-sign-in-flow (with configured initialization snippet from my Identity Platform account).

I am using google-api-client version 1.35.1.

Where is the mistake? Should I configure different public keys?

Thanks in advance for help!

meltsufin commented 2 years ago

@TimurSadykov Is this something you're familiar with? I see that you modified GoogleIdTokenVerifier recently.

TimurSadykov commented 2 years ago

@meltsufin Yes, I'm familiar. We need to add IdentityPlatform public keys to our default storage or add another storage with those keys present. If that is not something we can do quickly - at least reference a public source of the keys or keys themselves to mitigate temporarily.
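The workaround described above (point the verifier at the Identity Platform signing keys instead of the default Google Accounts certs), as an added example that is not part of this issue or the library's own code. It assumes that the Identity Platform / Firebase signing keys are published at the well-known `securetoken@system.gserviceaccount.com` X.509 URL used below, and that `GooglePublicKeysManager` can be given that URL via `setPublicCertsEncodedUrl`; `projectId` is a placeholder for the caller's project:

```java
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.api.client.googleapis.auth.oauth2.GooglePublicKeysManager;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.gson.GsonFactory;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Collections;

public final class IdentityPlatformTokenVerifier {
    // Assumption: Identity Platform / Firebase ID tokens are signed with keys published
    // here, not with the Google Accounts keys that GoogleIdTokenVerifier fetches by default.
    private static final String IDENTITY_PLATFORM_CERTS_URL =
        "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com";

    private final GoogleIdTokenVerifier verifier;

    public IdentityPlatformTokenVerifier(String projectId) {
        HttpTransport transport = new NetHttpTransport();
        JsonFactory jsonFactory = new GsonFactory();
        // Key manager that loads (and caches, honouring Cache-Control) the Identity Platform certs
        GooglePublicKeysManager keys = new GooglePublicKeysManager.Builder(transport, jsonFactory)
            .setPublicCertsEncodedUrl(IDENTITY_PLATFORM_CERTS_URL)
            .build();
        // Same issuer/audience checks as in the report, but signatures are checked
        // against the Identity Platform keys
        this.verifier = new GoogleIdTokenVerifier.Builder(keys)
            .setIssuer("https://securetoken.google.com/" + projectId)
            .setAudience(Collections.singletonList(projectId))
            .build();
    }

    /** Returns the parsed token if signature, issuer, audience and expiry all check out; null otherwise. */
    public GoogleIdToken verify(String idToken) throws GeneralSecurityException, IOException {
        return verifier.verify(idToken);
    }
}
```

Note that `GoogleIdTokenVerifier` validates signed ID tokens (JWTs), so the value passed in must be the user's ID token rather than an access token; a non-JWT string will also come back as null.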