Firebase Golang Admin SDK: client.SessionCookie() returns 'oauth2: cannot fetch token: 400 Bad Request'
253 views
Skip to first unread message
Ashvin Vinodh
Nov 27, 2022, 4:41:07 PM11/27/22
to Firebase Google Group
Hi there,
I have a web app for which I am utilizing Firebase auth to allow users to login using multiple IDPs (Google, Yahoo, Microsoft). I am using the Firebase Admin SDK for Go to validate the JWT (idToken) returned by Firebase and subsequently set a session cookie with the token as per: Manage Session Cookies | Firebase Authentication (google.com)
So far, I have been able to successfully client.VerifyIDToken() on the idToken returned by Firebase:
func LoginHandler(. . .)
So far, I have been able to successfully client.VerifyIDToken() on the idToken returned by Firebase:
// JSON formatted payload representing 'service-account-file.json'
//
var firebaseServiceAccountJsonData string = fmt.Sprintf('{...}')
//
var firebaseServiceAccountJsonData string = fmt.Sprintf('{...}')
{
creds, err := google.CredentialsFromJSON(context.Background(), firebaseServiceAccountBuf)
var firebaseServiceAccountBuf []byte = []byte(firebaseServiceAccountJsonData)
. . .
. . .
opt := option.WithCredentials(creds)
app, err := firebase.NewApp(context.Background(), nil, opt)
client, err = app.Auth(context.Background())
decodedToken, err := client.VerifyIDToken(context.Background(), idToken)
. . .
expiresIn := time.Hour * 12
expiresIn := time.Hour * 12
tokenCookie, err := client.SessionCookie(context.Background(), idToken, expiresIn)
}
However, in the code above, the call to client.SessionCookie() returns the following error:
error while making http call: Post "https://identitytoolkit.googleapis.com/v1/projects/myproject:createSessionCookie": oauth2: cannot fetch token: 400 Bad Request
Response: {"error":"invalid_scope","error_description":"Invalid OAuth scope or ID token audience provided."}
It seems like the call the following line of code is returning the error: https://github.com/firebase/firebase-admin-go/blob/1d245771f556db75b76b32a793b931be6f39c630/auth/user_mgt.go#L1326
Note that I am using a json-formatted byte buffer instead of a 'service-account-file.json' file to initialize the Firebase App object. I am unsure if that is related, but I would appreciate any help regarding this issue.
However, in the code above, the call to client.SessionCookie() returns the following error:
error while making http call: Post "https://identitytoolkit.googleapis.com/v1/projects/myproject:createSessionCookie": oauth2: cannot fetch token: 400 Bad Request
Response: {"error":"invalid_scope","error_description":"Invalid OAuth scope or ID token audience provided."}
It seems like the call the following line of code is returning the error: https://github.com/firebase/firebase-admin-go/blob/1d245771f556db75b76b32a793b931be6f39c630/auth/user_mgt.go#L1326
Note that I am using a json-formatted byte buffer instead of a 'service-account-file.json' file to initialize the Firebase App object. I am unsure if that is related, but I would appreciate any help regarding this issue.
Thanks,
Ashvin
Reply all
Reply to author
Forward
0 new messages