russmedia-digital / cordova-plugin-google-signin

Cordova Google SignIn
Apache License 2.0

Different aud value on id_token (JWT token) android and ios #17

Open redclouddrailan opened 1 year ago

redclouddrailan commented 1 year ago

How can I successfully verify the id_token received from android and ios? When I inspected the id_token's value I noticed that they have different aud values and that's the reason the [verifyIdToken on my server](https://developers.google.com/identity/gsi/web/guides/verify-google-id-token) returns invalid_value on the android signin.

Here's the IOS id_token which I can successfully verify.

image

Here's the android id_token which cannot be verified by google.

image

I'm using the same client id that I use on the web for the android.

clixclix2 commented 10 months ago

I have the opposite problem: I can verify server-side the token when it is generated by the cordova app on android. Instead, if I verify server-side the id_token generated by the app compiled on ios, it throws the message:

The value '.........' is not a verified ID token:
- - The token was not issued by the given issuers
- - The token is not allowed to be used by this audience

EDIT: Currently, I solved it by verifying server-side the id_token coming from android with the Firebase PHP SDK (https://github.com/kreait/firebase-php/) and the id_token coming from ios with the Google PHP SDK (explained in https://developers.google.com/identity/sign-in/ios/backend-auth)

SrFortes commented 2 months ago

> I have the opposite problem: I can verify server-side the token when it is generated by the cordova app on android. Instead, if I verify server-side the id_token generated by the app compiled on ios, it throws the message:
>
> The value '.........' is not a verified ID token:
> - - The token was not issued by the given issuers
> - - The token is not allowed to be used by this audience
>
> EDIT: Currently, I solved it by verifying server-side the id_token coming from android with the Firebase PHP SDK (https://github.com/kreait/firebase-php/) and the id_token coming from ios with the Google PHP SDK (explained in https://developers.google.com/identity/sign-in/ios/backend-auth)

It works for me.
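Added example, not part of the thread or the plugin's code: a Node.js diagnostic that decodes (without verifying) a token's payload to show which issuer and audience it carries, the two claims behind both error lines quoted above. The client IDs, project ID and tokens are constructed placeholders; the issuer strings are the documented ones for Google Sign-In and Firebase Auth ID tokens.

```javascript
// Diagnostic only: this DECODES the payload and does not check the signature,
// so its result must never be used as an authentication decision.
const GOOGLE_ISSUERS = ['accounts.google.com', 'https://accounts.google.com'];
const FIREBASE_ISSUER_PREFIX = 'https://securetoken.google.com/';

function decodePayload(idToken) {
  const parts = String(idToken).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 segments)');
  // JWT segments are base64url; map back to the standard alphabet before decoding.
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Reports which kind of verifier the token expects and whether its aud
// matches any client ID the server is configured to accept.
function describeToken(idToken, allowedAudiences) {
  const claims = decodePayload(idToken);
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  const iss = typeof claims.iss === 'string' ? claims.iss : '';
  let kind = 'unknown';
  if (GOOGLE_ISSUERS.includes(iss)) kind = 'google-sign-in';
  else if (iss.startsWith(FIREBASE_ISSUER_PREFIX)) kind = 'firebase-auth';
  return {
    kind,
    iss: claims.iss,
    aud,
    azp: claims.azp,
    audienceAccepted: aud.some((a) => allowedAudiences.includes(a)),
  };
}

// Constructed sample tokens: made-up IDs and a placeholder signature segment.
function makeSample(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.c2ln`;
}
const WEB_CLIENT_ID = 'web-example.apps.googleusercontent.com'; // placeholder
const IOS_CLIENT_ID = 'ios-example.apps.googleusercontent.com'; // placeholder
const googleToken = makeSample({
  iss: 'https://accounts.google.com', aud: IOS_CLIENT_ID, azp: IOS_CLIENT_ID });
const firebaseToken = makeSample({
  iss: 'https://securetoken.google.com/example-project', aud: 'example-project' });

console.log(describeToken(googleToken, [WEB_CLIENT_ID]));
console.log(describeToken(firebaseToken, [WEB_CLIENT_ID, IOS_CLIENT_ID]));
```

Once the issuer and audience of each platform's token are known, the server-side verifier can be configured with the matching issuer and the full set of accepted audiences, with signature checking left to the SDK.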