Open mmatloka opened 2 years ago
@TimurSadykov Is this something you're familiar with? I see that you modified GoogleIdTokenVerifier
recently.
@meltsufin Yes, I'm familiar. We need to add IdentityPlatform public keys to our default storage or add another storage with those keys present. If that is not something we can do quickly - at least reference a public source of the keys or keys themselves to mitigate temporarily.
Environment details
Steps to reproduce
Hello, https://cloud.google.com/identity-platform/docs/reference/rest says that "we recommend that you use the Google-provided client libraries.", so I'm tring to leverage
GoogleIdTokenVerifier
to verify accessToken generated when usingIdentity Platform
. I use the following code:Verification fails because this line returns
false
because it was not able to verify signature here. When I use debug and dive inside, I see thatsun.security.rsa.RSASignature
throws insidejavax.crypto.BadPaddingException: Decryption error
.How do I obtain the token? I have used sample websites from https://github.com/firebase/firebaseui-web#starting-the-sign-in-flow (with configured initialization snippet from my Identity Platform account).
I am using
google-api-client
version1.35.1
.Where is the mistake? Should I configured different public keys?
Thanks in advance for help!