OIDC Auth with Tyk

[Łukasz M.]

We are planning to use TYC as our api gateway.

TYC provides multiple api auth schemes. I was evaluating for usage with JWT, but as one of the developers from TYC mentioned(https://community.tyk.io/t/tyk-and-firebase-jwt-tokens/970/4) Firebase uses OpenId. So I started evaluating Firebase in regards of using OpenID.

Currently I'm trying to configure out how to use Firebase but it uses a bit different parameters than normal Googles auth features(issuer in the token). For example the token after signing it looks like this:

{

  "iss": "https://securetoken.google.com/my-app-c9c0b",

  "name": "my name",

  "my-claim": "true",

  "aud": "my-app-c9c0b",

  "auth_time": 1472368680,

  "user_id": "9Lp2v00Yk0MrdfQSiwUFkCqkfIi2",

  "sub": "9Lp2v00Yk0MrdfQSiwUFkCqkfIi2",

  "iat": 1472368680,

  "exp": 1472372280,

  "email": "my-...@gmail.com",

  "email_verified": true,

  "firebase": {

    "identities": {

      "google.com": [

        "107374840125958991773"

      ],

      "email": [

        "my-...@gmail.com"

      ]

    },

    "sign_in_provider": "custom"

  }

}

In the OIDC in TYC I set the issuer as https://securetoken.google.com/my-app-c9c0b. Currently I get an error

The provider https://securetoken.google.com/my-app-c9c0b does not have a client id matching any of the token audiences [my-app-c9c0b]"

I recognize this is not entirely an issue with Firebase nor Tyc, but it might be some configuration mistake on my side.

I appreciate any help with this.

[Jacob Wenger]

Hey Lukasz,

Where exactly is that error coming from? It does not look like an error that comes from Firebase... Also, how is this issue related to this other thread you opened up about OpenID spec compliance? Is it possible to de-dupe those two threads and explain in more detail what exactly you are expecting from Firebase?

I assume you've already read through our server auth docs, but if not, you can give them a read here to learn about custom tokens and ID tokens.

Cheers,

Jacob

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-talk+unsubscribe@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/1ac640e9-ec94-4a6a-b79b-db8dcbccbcaa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Łukasz M.]

Hey Jacob,

Yes, this was one of the issues I solved, and the other topic is a "continuation". This one can be closed.

To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.

[Jacob Wenger]

Would you mind sharing the resolution here so that others who see this in the future will know how to resolve this problem?

Thanks,

Jacob

To unsubscribe from this group and stop receiving emails from it, send an email to firebase-talk+unsubscribe@googlegroups.com.

To post to this group, send email to fireba...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/87629219-9e01-44e4-b8ca-a76af56de356%40googlegroups.com.