Open redclouddrailan opened 1 year ago
I have the opposite problem: I can verify server-side the token when it is generated by the cordova app on android. Instead, if I verify server-side the id_token generated by the app compiled on ios, it throws the message:
The value '.........' is not a verified ID token:
- - The token was not issued by the given issuers
- - The token is not allowed to be used by this audience
EDIT: Currently, I solved by verifying server-side the id_token coming from android with the Firebase PHP SDK (https://github.com/kreait/firebase-php/) and the id_token coming from ios with the Google PHP SDK (explained in https://developers.google.com/identity/sign-in/ios/backend-auth)
I have the opposite problem: I can verify server-side the token when it is generated by the cordova app on android. Instead, if I verify server-side the id_token generated by the app compiled on ios, it throws the message:
The value '.........' is not a verified ID token: - - The token was not issued by the given issuers - - The token is not allowed to be used by this audience
EDIT: Currently, I solved by verifying server-side the id_token coming from android with the Firebase PHP SDK (https://github.com/kreait/firebase-php/) and the id_token coming from ios with the Google PHP SDK (explained in https://developers.google.com/identity/sign-in/ios/backend-auth)
is work for me.....
How can I successfully verify the id_token received from android and ios? When I inspected the id_token's value I noticed that they have different aud values and that's the reason the [https://developers.google.com/identity/gsi/web/guides/verify-google-id-token](verifyIdToken on my server) returns invalid_value on the android signin.
Here's the IOS id_token which I can successfully verify.
Here's the android id_token which cannot be verified by google.
I'm using the same client id that I use on the web for the android.