Firebase SDK 令牌验证错误:auth/argument-error
Posted
技术标签:
【中文标题】Firebase SDK 令牌验证错误:auth/argument-error【英文标题】:Firebase SDK Token Verification error: auth/argument-error 【发布时间】:2018-12-26 11:04:03 【问题描述】:我正在使用带有 firebase 的 Angular 应用程序工作,但我无法在云函数中使用 firebase SDK 验证 idToken。
当我尝试调用受保护的端点时开始,用户必须经过身份验证才能访问它,但是当我与经过身份验证的用户进行调用时,它不会成功。
首先我检查functions:log,看看我在认证失败时记录的错误信息。
2018-07-18T13:10:11.575Z E api: Error while verifying Firebase ID token: Error: Decoding Firebase ID token failed. Make sure you passed the entire string JWT which represents an ID token. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.
at FirebaseAuthError.Error (native)
at FirebaseAuthError.FirebaseError [as constructor] (/user_code/node_modules/firebase-admin/lib/utils/error.js:39:28)
at FirebaseAuthError.PrefixedFirebaseError [as constructor] (/user_code/node_modules/firebase-admin/lib/utils/error.js:85:28)
at new FirebaseAuthError (/user_code/node_modules/firebase-admin/lib/utils/error.js:143:16)
at FirebaseTokenVerifier.verifyJWT (/user_code/node_modules/firebase-admin/lib/auth/token-verifier.js:136:35)
at FirebaseTokenGenerator.verifyIdToken (/user_code/node_modules/firebase-admin/lib/auth/token-generator.js:129:37)
at Auth.verifyIdToken (/user_code/node_modules/firebase-admin/lib/auth/auth.js:124:37)
at validateFirebaseIdToken (/user_code/lib/routes/employee/employeeRoute.js:29:18)
at Layer.handle [as handle_request] (/user_code/node_modules/express/lib/router/layer.js:95:5)
at next (/user_code/node_modules/express/lib/router/route.js:137:13) errorInfo:
code: 'auth/argument-error',
message: 'Decoding Firebase ID token failed. Make sure you passed the entire string JWT which represents an ID token. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.' ,
codePrefix: 'auth'
所以我检查了我是如何获得令牌的,它似乎很好:
public async getIdToken()
return this.angularFireAuth.auth.currentUser.getIdToken(true)
.then(idToken =>
return idToken
)
.catch(err =>
throw new Error(err)
)
以及我如何验证它,看起来也很好(在我看来)
const validateFirebaseIdToken = (req, res, next) =>
console.log('Check if request is authorized with Firebase ID token')
if ((!req.headers.authorization || !req.headers.authorization.startsWith('Bearer ')) && !(req.cookies && req.cookies.__session))
console.error('No Firebase ID token was passed as a Bearer token in the Authorization header.',
'Make sure you authorize your request by providing the following HTTP header:',
'Authorization: Bearer <Firebase ID Token>',
'or by passing a "__session" cookie.')
res.status(403).send('Unauthorized')
return
let idToken
if (req.headers.authorization && req.headers.authorization.startsWith('Bearer '))
console.log('Found "Authorization" header')
idToken = req.headers.authorization.split('Bearer')[1]
else if(req.cookies)
console.log('Found "__session" cookie')
idToken = req.cookies.__session
else
console.log('No cookie')
res.status(403).send('Unauthorized')
return
admin.auth().verifyIdToken(idToken)
.then(decodedIdToken =>
console.log('ID token correctly decoded', decodedIdToken)
return next()
)
.catch(error =>
console.error('Error while verifying Firebase ID token: ', error)
res.status(403).send('Unauthorized')
)
所以我记录了 getIdToken 函数中返回的 idToken 和 admin.auth().verifyIdToken(idToken) 之前的 idToken 被调用并且它们完全匹配。
所以我不明白为什么会失败。
我已经检查了文档,它似乎与我所做的匹配 https://firebase.google.com/docs/auth/admin/verify-id-tokens
任何想法都将不胜感激。
【问题讨论】:
【参考方案1】:卡洛斯在这里。
我觉得过程还可以,但是拆分表头的时候可能token里面多了一个空格:
if (req.headers.authorization && req.headers.authorization.startsWith('Bearer '))
console.log('Found "Authorization" header')
idToken = req.headers.authorization.split('Bearer')[1] // <- this part has a space at the beginning
修剪字符串有助于解决问题?
【讨论】:
这就是问题所在。非常感谢卡洛斯。有时,当您在同一个问题上停留数小时时,您会忽略这类细节。以上是关于Firebase SDK 令牌验证错误:auth/argument-error的主要内容,如果未能解决你的问题,请参考以下文章
使用 Facebook 令牌的 Firebase Unity SDK 身份验证
“调用者没有权限”尝试使用 Firebase Admin SDK 创建自定义令牌