flutter google sign in, getting id token for backend server authentication


Danny Hui

Jul 23, 2018, 9:47:27 PM
to Flutter Dev
Hi All,

I am using the flutter google sign in plugin for social login with a backend server (by OAuth 2).
I should use the verifiable ID tokens to securely get the user IDs of signed-in users on the server side.

I tried to use the flutter google sign in to get the id token as follows:
google_sign_in: "^3.0.4"

I simply follow the document and get the 

GoogleSignIn _googleSignIn = new GoogleSignIn(
  scopes: [
    'email',
    'openid',
    'profile',
    'https://www.googleapis.com/auth/contacts.readonly',
  ],
);

_googleSignIn.signIn().then<void>((GoogleSignInAccount googleSignInAccount) {
  googleSignInAccount.authentication.then<void>((GoogleSignInAuthentication googleSignInAuthentication) {
    // ...
  });
});

I find that it is not able to retrieve the id token.

After studying the comment in https://github.com/flutter/flutter/issues/16613 ,
I add the flutter firebase plugin to my project.
firebase_auth: "^0.5.14"

I assume that my config (including the google-services.json) should be correct because I finally get the id token from googleSignInAccount and firebaseUser as follows:
_googleSignIn.signIn().then<void>((GoogleSignInAccount googleSignInAccount) {
  googleSignInAccount.authentication.then<void>((GoogleSignInAuthentication googleSignInAuthentication) {
    // Exchange the Google tokens for a Firebase session.
    _auth.signInWithGoogle(idToken: googleSignInAuthentication.idToken, accessToken: googleSignInAuthentication.accessToken).then((FirebaseUser firebaseUser) {
      // Request a fresh Firebase ID token for the signed-in user.
      firebaseUser.getIdToken(refresh: true).then((String idToken) {
        print('id token =$idToken');
      }, onError: (Object error) {
        print('error in fetching firebase user id token. error=$error');
      });
    });
  });
});

However, I find that the googleSignInAccount's idToken is invalid:
, where the XYZ is the googleSignInAccount's idToken.

Here is the exception from google:
{
 "error_description": "Invalid Value"
}

I also test it in verification APIs in backend server:
<dependency>
  <groupId>com.google.apis</groupId>
  <artifactId>google-api-services-oauth2</artifactId>
</dependency>
It is invalid.


Then, I tried to use the firebaseUser's idToken instead. However, it doesn't work either.
In my backend server verification,
<dependency>
  <groupId>com.google.firebase</groupId>
  <artifactId>firebase-admin</artifactId>
  <version>6.3.0</version>
</dependency>


Here is the exception
com.google.firebase.auth.FirebaseAuthException: Firebase ID token isn't signed by a valid public key. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.

I think my token is signed with the public key and is not expired because I can see the details in https://jwt.io/
Header:
{
  "alg": "RS256",
  "kid": "b89f7346a0985f421dcd8d30c0b30eebfae19a1e"
}


1) Am I doing anything wrong in getting the id token for my backend server authentication?

2) Why is the googleSignInAccount's idToken invalid even though it can be used in flutter firebase auth?

3) Why isn't the firebaseUser's idToken signed by a valid public key?

4) Should I just pass the access token to my backend server instead and verify the azp and aud?

Thanks!

Danny Hui

Jul 24, 2018, 4:49:21 AM
to Flutter Dev

Danny Hui

Jul 25, 2018, 12:06:52 AM
to Flutter Dev
I finally find that the dart print('id token =$idToken'); function cannot output the whole id token string in my console output.

_googleSignIn.signIn().then<void>((GoogleSignInAccount googleSignInAccount) {
  googleSignInAccount.authentication.then<void>((GoogleSignInAuthentication googleSignInAuthentication) {
    // Exchange the Google tokens for a Firebase session.
    _auth.signInWithGoogle(idToken: googleSignInAuthentication.idToken, accessToken: googleSignInAuthentication.accessToken).then((FirebaseUser firebaseUser) {
      // Request a fresh Firebase ID token for the signed-in user.
      firebaseUser.getIdToken(refresh: true).then((String idToken) {
        print('id token =$idToken');
      }, onError: (Object error) {
        print('error in fetching firebase user id token. error=$error');
      });
    });
  });
});

This token is enough for my backend authentication accessing Google API.

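
The console truncation described in the post above can be detected without writing the token itself to a log. This is an added example, not code from the thread or from the plugins: it checks that a JWT is structurally whole and reports its issuer. The 256-byte signature length assumes RS256 with a 2048-bit key, and `describeToken`, `example-kid` and `example-project` are constructed for illustration.

```dart
import 'dart:convert';

// Decode one base64url JWT segment, restoring the padding that JWTs strip.
List<int> decodeSegment(String seg) => base64Url.decode(base64Url.normalize(seg));

// Parse a segment as a JSON object; null if it is cut off or malformed.
Map<String, dynamic>? decodeJson(String seg) {
  try {
    final v = jsonDecode(utf8.decode(decodeSegment(seg)));
    return v is Map<String, dynamic> ? v : null;
  } on FormatException {
    return null;
  }
}

// Structural check only (no signature verification); findings are safe to log.
List<String> describeToken(String token) {
  final parts = token.trim().split('.');
  final out = <String>['length=${token.length} segments=${parts.length}'];
  if (parts.length != 3) return out..add('PROBLEM: a JWT has 3 segments');
  if (decodeJson(parts[0]) == null) out.add('PROBLEM: header does not decode');
  final payload = decodeJson(parts[1]);
  if (payload == null) {
    out.add('PROBLEM: payload does not decode');
  } else {
    // accounts.google.com: Google ID token; securetoken.google.com/..: Firebase.
    out.add('iss=${payload['iss']}');
  }
  try {
    // Assumption: RS256 over a 2048-bit key, so the signature is 256 bytes.
    final sigLen = decodeSegment(parts[2]).length;
    if (sigLen != 256) out.add('PROBLEM: signature is $sigLen bytes, not 256');
  } on FormatException {
    out.add('PROBLEM: signature segment is cut off');
  }
  return out;
}

void main() {
  // Constructed sample: placeholder claims and an all-zero "signature".
  String seg(List<int> b) => base64Url.encode(b).replaceAll('=', '');
  final claims = {'iss': 'https://securetoken.google.com/example-project'};
  final token = [
    seg(utf8.encode(jsonEncode({'alg': 'RS256', 'kid': 'example-kid'}))),
    seg(utf8.encode(jsonEncode(claims))),
    seg(List.filled(256, 0)),
  ].join('.');
  describeToken(token).forEach(print);
  // The same token with its last 100 characters lost, as a cut-off print shows it.
  describeToken(token.substring(0, token.length - 100)).forEach(print);
}
```

A cut-off token still shows a readable header and payload, because those come first; only the signature segment reveals the loss.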

Sam Dzirasa

Jul 31, 2018, 11:12:56 PM
to Flutter Dev
Hi Danny:
Are you actually able to get googleSignin working?

My app fails every time with error 'sign_in_failed' DEVELOPER ERROR. I have added my SHA1 to my app in the Firebase console and added the corresponding google-services.json to my flutter app.
I am using these 2 imports
import 'package:firebase_auth/firebase_auth.dart';
import 'package:google_sign_in/google_sign_in.dart';

Just curious: did you have to do anything else in setup to get google (gmail) signin to work? I get the sign-in screen but after signing in I get the error.

Sam

Danny Hui

Aug 5, 2018, 9:15:09 PM
to Flutter Dev
Hi Sam,

Yes, I am actually able to get googleSignIn working.

May I know what is your error?

Danny Hui

Aug 5, 2018, 9:34:32 PM
to Flutter Dev
Hi Sam,

Apart from adding the SHA1, you may also need to enter the Firebase console to turn on the service: Authentication > Login method > Google.

Regards!


Steve

Aug 5, 2018, 9:43:10 PM
to Flutter Dev
Hi,

onCurrentUserChanged.listen method?

Best Regards!

Agri Kridanto

Sep 16, 2018, 10:19:12 AM
to Flutter Dev
Hi Danny, I have the same problem... I just got the id token from google sign in, but when I verify it with the tokeninfo endpoint, it says 'invalid value'...
Then I tried using firebase auth, same result... Maybe you can give some suggestions? Thanks...

Laerti Papa

Sep 22, 2018, 10:39:17 PM
to Flutter Dev
I also have the same issue. I had to send access_token instead.