Monday 5 June 2017

Verifying Firebase custom token to get token ID fails when using jsonwebtoken

On the backend a custom token is generated via Firebase's admin SDK thusly:

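router.use('/get-token', (req, res) => {
    var uid = "big-secret";
    // Mint a custom token for this uid with the Admin SDK.
    admin.auth().createCustomToken(uid)
      .then(function(customToken) {
        res.json({
          instanceID: customToken
        });
      })
      .catch(function(error) {
        console.log("Error creating custom token:", error);
        // Answer the request on failure so the client is not left waiting.
        res.status(500).json({ error: "Error creating custom token" });
      });
});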

The client frontend app then picks up the customToken and with it makes a request back to the backend to verify:

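const jwt = require('jsonwebtoken');
const NodeRSA = require('node-rsa');
const cors = require('cors');

// serviceAccount is the parsed service-account JSON, loaded elsewhere.
const fbPrivateKey = serviceAccount.private_key;
// Derive the public key from the service account's private key.
const key = new NodeRSA(fbPrivateKey).exportKey('pkcs8-public-pem');
router.get('/verifyIdToken', cors(), (req, res) => {
  jwt.verify(req.headers.authorization.split('Bearer ')[1], key, { algorithms: ['RS256'] }, function(err, decoded) {
    console.log('err', err);
    console.log('decoded', decoded);
  });
});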

This always errors with the message: JsonWebTokenError: invalid signature

Does this need signing? If anyone could explain this or has any pointers?



via Harry L
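
Added example, not part of the original post: `invalid signature` on an RS256 check means the signature did not validate under the key supplied, typically because a different key signed the token. The sketch uses Node's built-in crypto with constructed key pairs and claims to show one derived public key accepting its own token and rejecting another signer's, and how the unverified `iss`/`kid` reveal who signed a failing token. The function names `signRs256`, `verifyRs256`, `peek` and `demo` are hypothetical.

```javascript
// Added example. Keys, issuers and claims are constructed; none is a real credential.
const crypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');
const fromB64 = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Sign an RS256 JWT by hand so the example needs no third-party package.
function signRs256(payload, privateKey, kid) {
  const input = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT', kid }))}.` +
    b64url(JSON.stringify(payload));
  return `${input}.${b64url(crypto.sign('RSA-SHA256', Buffer.from(input), privateKey))}`;
}

// Signature check only (no exp/aud validation): returns the claims or throws.
function verifyRs256(token, publicKey) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('jwt malformed');
  if (fromB64(parts[0]).alg !== 'RS256') throw new Error('unexpected alg'); // pin alg
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${parts[0]}.${parts[1]}`),
    publicKey, Buffer.from(parts[2], 'base64url'));
  if (!ok) throw new Error('invalid signature');
  return fromB64(parts[1]);
}

// Read header and issuer WITHOUT trusting them; for diagnosis only.
function peek(token) {
  const [h, p] = token.split('.').slice(0, 2).map(fromB64);
  return { alg: h.alg, kid: h.kid, iss: p.iss };
}

function demo() {
  const gen = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const serviceAccount = gen(); // stand-in for the service-account key pair
  const otherSigner = gen();    // stand-in for any other issuer's key pair
  const mine = signRs256({ iss: 'svc@example.invalid', uid: 'constructed-uid' },
    serviceAccount.privateKey, 'sa-key');
  const theirs = signRs256({ iss: 'https://issuer.example.invalid' },
    otherSigner.privateKey, 'other-key');
  // Public half derived from the private key, the role NodeRSA plays in the post.
  const pub = crypto.createPublicKey(serviceAccount.privateKey);
  const attempt = (t) => { try { verifyRs256(t, pub); return 'ok'; } catch (e) { return e.message; } };
  return { mine: attempt(mine), theirs: attempt(theirs), issuerOfFailed: peek(theirs).iss };
}

console.log(demo());
```

For Firebase specifically, a custom token carries the service account's email as `iss`, while an ID token is issued under `https://securetoken.google.com/<project-id>` and is checked with the Admin SDK's `admin.auth().verifyIdToken()`.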
