
Comments (7)

jonathandean commented on May 22, 2024 4

Since my use case is low volume and an extra network request isn't a big deal, I ended up using Google's tokeninfo endpoint: https://developers.google.com/identity/sign-in/web/backend-auth#using-a-google-api-client-library

I haven't quite finished all of the error cases, but it basically looks like this:

# Gemfile:
gem 'google-api-client', require: 'google/apis/oauth2_v2'
# In application_controller.rb
class ApplicationController < ActionController::Base
  include ActionController::HttpAuthentication::Token::ControllerMethods

  protected

  def authenticate_user
    authenticate_or_request_with_http_token do |token, options|
      if valid_token?(token)
        return true
      else
        render_unauthorized
      end
    end
  end

  # https://www.codeschool.com/blog/2014/02/03/token-based-authentication-rails/
  def render_unauthorized
    self.headers['WWW-Authenticate'] = 'Token realm="Application"'
    render json: 'Bad credentials', status: 401
  end

  def valid_token?(token)
    oauth2 = Google::Apis::Oauth2V2::Oauth2Service.new
    userinfo = oauth2.tokeninfo(access_token: token)
    if userinfo
      user_id   = userinfo.user_id
      audience  = userinfo.audience

      if audience != "_YOUR APP'S CLIENT ID_"
        return false
      end

      user_id.present?
    else
      false
    end
  rescue => e
    # Should really be more specific and handle each of these differently:
    # [Google::Apis::ServerError] An error occurred on the server and the request can be retried
    # [Google::Apis::ClientError] The request is invalid and should not be retried without modification
    # [Google::Apis::AuthorizationError] Authorization is required

    false
  end
end

from google-id-token.

MarkKropf commented on May 22, 2024 2

Leaving this in case anyone else runs into the reason I kept seeing this.

I was passing a token in via:

Authorization: bearer '<token>'

The quotes were causing this to always respond with:

Token not verified as issued by Google

I just needed to strip the quotes before passing it into the validator. I didn't expect this to be a problem since the JWT gem used to decode handled this scenario.

from google-id-token.

jonathandean commented on May 22, 2024

@morgler did you ever figure this out or decide on an alternative? I used this gem successfully in Feb and now am having the same problem.

from google-id-token.

morgler commented on May 22, 2024

Unfortunately I never resolved this. I moved on and simply generate the JWT on my Rails server instead of using Firebase. I also don't use any Firebase services on this app currently.

from google-id-token.

jonathandean commented on May 22, 2024

For completeness, the JavaScript that calls this uses fetch like this after it gets an access token from client-side auth:

fetch(`/auth/verify.json`, {
  headers: {
    'X-Requested-With': 'XMLHttpRequest',
    'Authorization': 'Token token=' + googleAuthResponse.accessToken
  }
})

from google-id-token.

mikedll commented on May 22, 2024

I'm not using Firebase but I am having the same issue. Not sure what I'll do to move around it.

Update: I was simply passing in nil for the token due to a missing header in my iOS HTTP client. The library seems to work fine.

from google-id-token.
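
Added example (not from any commenter and not part of the google-id-token project): the two failures reported in this thread, a bearer token wrapped in quotes and a nil token from a missing header, can be caught and named before the validator runs, so they are not reported as a generic verification failure. The helper name `extract_credential`, its reason symbols and the sample header values are assumptions made up for this example.

```ruby
# Hypothetical helper: pull the credential out of an Authorization header and
# say why it was rejected, before any signature or tokeninfo check happens.

# An ID token is a JWT: three non-empty base64url segments joined by dots.
JWT_SHAPE = /\A[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\z/

# Returns [token, nil] on success or [nil, reason] on failure.
# Pass expect_jwt: false for opaque access tokens (the tokeninfo approach).
def extract_credential(header, expect_jwt: true)
  return [nil, :missing_header] if header.nil? || header.strip.empty?

  scheme, value = header.strip.split(/\s+/, 2)
  return [nil, :unsupported_scheme] unless %w[bearer token].include?(scheme.downcase)
  return [nil, :missing_token] if value.nil?

  # Rails-style "Token token=<value>" carries the credential as a parameter.
  value = value.sub(/\Atoken=/i, '') if scheme.casecmp?('token')

  # Remove one pair of matching quotes that a client wrapped around the token.
  value = value.strip
  if value.length >= 2 && ['"', "'"].include?(value[0]) && value[-1] == value[0]
    value = value[1..-2]
  end

  return [nil, :missing_token] if value.empty?
  return [nil, :malformed_jwt] if expect_jwt && !value.match?(JWT_SHAPE)

  [value, nil]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample headers, not real tokens.
  [nil, "bearer 'aaa.bbb.ccc'", 'Token token=ya29.opaque'].each do |h|
    p extract_credential(h)
  end
end
```

Logging the returned reason separately from the validator's own error distinguishes a client-side header bug from a token that genuinely failed verification.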

dazuma commented on May 22, 2024

This project is deprecated, and we're archiving the repository. The functionality is available in the googleauth gem. See https://github.com/googleapis/google-auth-library-ruby.

from google-id-token.
