Google backend authenticate failure, base64 decoding fails at GoogleIdTokenVerifier.verify #1529

Open
melvzgungog214 opened this issue May 21, 2020 · 2 comments
Labels
priority: p4 type: question Request for information or clarification. Not an issue.

melvzgungog214 commented May 21, 2020

Environment details

  1. OS type and version: macOS Catalina
  2. Java version: openjdk version "1.8.0_242"
  3. google-api-client version(s): 1.30.9
  4. play-1.4.6

Steps to reproduce

  1. Follow steps in https://developers.google.com/identity/sign-in/web/backend-auth
  2. On the backend: GoogleIdToken idToken = verifier.verify(idtoken); causes the issue

Code example

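    // Imports this fragment needs; StringUtils is from Apache Commons Lang.
    import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
    import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload;
    import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
    import com.google.api.client.http.javanet.NetHttpTransport;
    import com.google.api.client.json.jackson2.JacksonFactory;
    import java.util.Collections;

    if (StringUtils.isNotBlank(idtoken) && idtoken != null) {
        // Verifier that only accepts tokens issued for this client ID.
        GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(new NetHttpTransport(), new JacksonFactory())
                .setAudience(Collections.singletonList(GOOGLE_CLIENT_ID))
                .build();

        try {
            // verify() returns null when the token does not pass verification.
            GoogleIdToken idToken = verifier.verify(idtoken);

            if (idToken != null) {
                Payload payload = idToken.getPayload();

                String userId = payload.getSubject();
                logger.debug("User ID: " + userId);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }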

Stack trace
verifier.verify(idtoken) up to BaseEncoding.class:

public final byte[] decode(CharSequence chars)

Remote debugger shows: "java.lang.IllegalArgumentException: java.io.IOException: Unrecognized character: -"

External references such as API reference guides
https://developers.google.com/identity/sign-in/web/backend-auth

Any additional information below
In the Play CLI debugger I took the token ID and used it in
https://oauth2.googleapis.com/tokeninfo?id_token

It showed the decoded access token with all the correct information.

@chingor13 chingor13 added priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. labels Jun 3, 2020
@chingor13 chingor13 self-assigned this Jun 3, 2020
@bgolson2309

Is there a workaround, or recommended version to revert to?

@chingor13
Collaborator

You may need to verify that the token you are validating is actually an ID token (it will be a JWT which can be decoded - an example decoder is https://jwt.io/).

You might also want to try the newer, supported version in com.google.auth:google-auth-library: https://cloud.google.com/iap/docs/signed-headers-howto#iap_validate_jwt-java

@chingor13 chingor13 added type: question Request for information or clarification. Not an issue. and removed priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. labels Nov 17, 2020
@chingor13 chingor13 removed their assignment May 4, 2022
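
A structural check along the lines the collaborator suggests, as an added example that is not part of the issue thread or the library's code: it confirms a string has three base64url segments with a JSON header and payload before it reaches a verifier, and shows that the `-` character from the reported error is valid base64url but rejected by the standard Base64 alphabet. The class name, method names and sample token are constructed for illustration; the check covers shape only and leaves signature and audience verification to the verifier.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class IdTokenShapeCheck {

    /** Returns null if the string has the shape of a signed JWT, otherwise the reason it does not. */
    static String describeProblem(String token) {
        if (token == null || token.trim().isEmpty()) return "token is empty";
        String[] parts = token.trim().split("\\.", -1);
        if (parts.length != 3) return "expected 3 dot-separated segments, found " + parts.length;
        String[] names = {"header", "payload", "signature"};
        for (int i = 0; i < 3; i++) {
            try {
                // JWT segments use the URL-safe alphabet ('-' and '_'), normally without padding.
                byte[] raw = Base64.getUrlDecoder().decode(parts[i]);
                if (i < 2) {
                    String json = new String(raw, StandardCharsets.UTF_8).trim();
                    if (!json.startsWith("{") || !json.endsWith("}")) return names[i] + " is not a JSON object";
                }
            } catch (IllegalArgumentException e) {
                return names[i] + " is not base64url: " + e.getMessage();
            }
        }
        return null;
    }

    /** True if a standard (non-URL) Base64 decoder rejects the segment. */
    static boolean rejectedByStandardBase64(String segment) {
        try {
            Base64.getDecoder().decode(segment);
            return false;
        } catch (IllegalArgumentException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        // Constructed sample, not a real Google token; the signature bytes are arbitrary.
        String header = enc.encodeToString("{\"alg\":\"RS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String payload = enc.encodeToString("{\"sub\":\"example-user\",\"aud\":\"example-client-id\"}".getBytes(StandardCharsets.UTF_8));
        String sig = enc.encodeToString(new byte[] {(byte) 0xfb, (byte) 0xef, (byte) 0xbe, 1, 2, 3});

        System.out.println("JWT-shaped sample, problem: " + describeProblem(header + "." + payload + "." + sig));
        System.out.println("opaque sample, problem: " + describeProblem("constructed.opaque-value"));
        System.out.println("signature segment '" + sig + "' rejected by standard Base64: " + rejectedByStandardBase64(sig));
    }
}
```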