[FR] Provide more details for SENDER_ID_MISMATCH if I have permission to see across projects

[denkc]

Is your feature request related to a problem? Please describe.

As a developer, I'd like to be able to verify an ID token across all projects that I have access to in Firebase. There is an existing API to do so today but requires specifying a project ID and providing the correct credentials for each project.

https://firebase.google.com/docs/auth/admin/verify-id-tokens#verify_id_tokens_using_the_firebase_admin_sdk

Describe the solution you'd like

During debugging, the SENDER_ID_MISMATCH response tells you that a token is registered against a different project than it's being used for, but does not tell you what project it is. Since the Firebase portal knows which projects I already have access to, it would be helpful to have this built into the Firebase portal where, if I have access to the project, it can tell me the project it is registered to. Often, we will have dev/prod Firebase projects and provide the config during build time; this would help us debug the issue if they got mixed up.

Describe alternatives you've considered

It's possible to write a version of this on our own using a script that loads credentials and tests tokens against each project I have access to, but is not very friendly to get the necessary credential files for the script.

Additional context
I was forwarded here from the android SDK repo firebase/firebase-android-sdk#5545

[google-oss-bot]

I found a few problems with this issue:

• I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
• This issue does not seem to follow the issue template. Make sure you provide all the required information.