Skip to content

Error when validating idToken behind a proxy #150

New issue
New issue
Closed
Closed
Error when validating idToken behind a proxy#150
@xbauquet

Description

@xbauquet
xbauquet
opened on Mar 9, 2018

Environment

  • Operating System version: Debian 8.9
  • Firebase SDK version: 5.9.0
  • Library version: 5.9.0
  • Firebase Product: auth
  • Java: openjdk version "1.8.0_131"

The problem

I tried to use the firebase-admin-java to authenticate my user via Google.
Every time I was getting this error:
com.google.firebase.auth.FirebaseAuthException: Error while verifying token signature.
The problem was the proxy. So I tried to set the proxy options like this:

InputStream serviceAccount = getClass().getClassLoader().getResourceAsStream(<fileName>);

Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(<address>, <port>));
HttpTransport httpTransport = new NetHttpTransport.Builder().setProxy(proxy).build();

HttpTransportFactory httpTransportFactory = () -> httpTransport;

FirebaseOptions options = new FirebaseOptions.Builder()
   .setCredentials(GoogleCredentials.fromStream(serviceAccount, httpTransportFactory))
   .setDatabaseUrl(<adress>)
   .setHttpTransport(httpTransport)
   .build();
FirebaseApp.initializeApp(options);
FirebaseToken decodedToken = FirebaseAuth.getInstance().verifyIdTokenAsync(<token>).get();

But I was still getting the same error.

Workaround

A work around that works is to define the proxy parameters as system properties:

System.setProperty("http.proxyHost", <address>);
System.setProperty("http.proxyPort", <port>);
System.setProperty("https.proxyHost", <address>);
System.setProperty("https.proxyPort", <port>);

Bug in the code ?

It seems like the problem comes from this line in the code:
FirebaseTokenVerifier - line 52

public static final GooglePublicKeysManager DEFAULT_KEY_MANAGER =
      new GooglePublicKeysManager.Builder(new NetHttpTransport.Builder().build(), new GsonFactory())
          .setClock(Clock.SYSTEM)
          .setPublicCertsEncodedUrl(CLIENT_CERT_URL)
          .build();

The default GooglePublicKeysManager doesn't take the custom transport given in the FirebaseOptions.

PR

I opened a PR #151 with a fix for this issue.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions