5

We have an app that is working fine in the Cloud with Google and Github as IDP.

When trying to work locally with the Emulator. The call to createSessionCookie fails with: FirebaseAuthError: There is no user record corresponding to the provided identifier

When I tried the following:

app.get('/console/sessionLogin', (req, res) => {

    const idToken = req.query.idToken;


    admin.auth().verifyIdToken(idToken)
        .then((result) => {
            console.log(">> VERIFY TOKEN = ", result);
        }, (error)=> {
            console.log(">>>> VERIFY FAILED ", error);
        });
});

I get this error: >>>> VERIFY FAILED FirebaseAuthError: Firebase ID token has invalid signature

Im starting the emulator with: GOOGLE_APPLICATION_CREDENTIALS=./service-auth.json FIREBASE_AUTH_EMULATOR_HOST=localhost:9099 firebase emulators:start

This is what I get when emulators start:

i  emulators: Starting emulators: auth, functions, firestore, hosting
⚠  functions: The following emulators are not running, calls to these services from the Functions emulator will affect production: database, pubsub
✔  functions: Using node@14 from host.
⚠  functions: Your GOOGLE_APPLICATION_CREDENTIALS environment variable points to ./service-auth.json. Non-emulated services will access production using these credentials. Be careful!
⚠  firestore: Did not find a Cloud Firestore rules file specified in a firebase.json config file.
⚠  firestore: The emulator will default to allowing all reads and writes. Learn more about this option: https://firebase.google.com/docs/emulator-suite/install_and_configure#security_rules_configuration.
i  firestore: Firestore Emulator logging to firestore-debug.log
i  hosting: Serving hosting files from: public
✔  hosting: Local server: http://localhost:8090
i  ui: Emulator UI logging to ui-debug.log
i  functions: Watching "/Users/.../functions" for Cloud Functions...
✔  functions[console]: http function initialized (http://localhost:5001/XXXX/us-central1/console).

┌─────────────────────────────────────────────────────────────┐
│ ✔  All emulators ready! It is now safe to connect your app. │
│ i  View Emulator UI at http://localhost:8091                │
└─────────────────────────────────────────────────────────────┘

┌────────────────┬────────────────┬─────────────────────────────────┐
│ Emulator       │ Host:Port      │ View in Emulator UI             │
├────────────────┼────────────────┼─────────────────────────────────┤
│ Authentication │ localhost:9099 │ http://localhost:8091/auth      │
├────────────────┼────────────────┼─────────────────────────────────┤
│ Functions      │ localhost:5001 │ http://localhost:8091/functions │
├────────────────┼────────────────┼─────────────────────────────────┤
│ Firestore      │ localhost:8080 │ http://localhost:8091/firestore │
├────────────────┼────────────────┼─────────────────────────────────┤
│ Hosting        │ localhost:8090 │ n/a                             │
└────────────────┴────────────────┴─────────────────────────────────┘
  Emulator Hub running at localhost:4400
  Other reserved ports: 4500

I added console.log to the auth class just before it makes the call and I see this:

>  SENDING AUTH REQUEST  {
>    method: 'POST',
>    url: 'http://localhost:9099/identitytoolkit.googleapis.com/v1/projects/XXXX:createSessionCookie',
>    headers: { 'X-Client-Version': 'Node/Admin/9.7.0' },
>    data: {
>      idToken: 'eyJhbGciOiJSUzI1NiIsImtpZCI6ImNjM2Y0ZThiMmYxZDAyZjBlYTRiMWJkZGU1NWFkZDhiMDhiYzUzODYiLCJ0eXAiOiJKV1QifQ.eyJuYW1lIjoiWW9hdiBOaXJhbiIsInBpY3R1cmUiOiJodHRwczovL2xoMy5nb29nbGV1c2VyY29udGVudC5jb20vYS0vQU9oMTRHajczX2tnUmQxVnBTV3Y2RzRrOU41ZHZLNkRESjJlaGZrUUhPN2w9czk2LWMiLCJpc3MiOiJodHRwczovL3NlY3VyZXRva2VuLmdvb2dsZS5jb20vbWVkaWEtZmxvdy1iMzdkMSIsImF1ZCI6Im1lZGlhLWZsb3ctYjM3ZDEiLCJhdXRoX3RpbWUiOjE2MjAyMTExOTMsInVzZXJfaWQiOiJFa2lhRUc0NXFoTU9Jbk5VT01IbHJOYVpuR24yIiwic3ViIjoiRWtpYUVHNDVxaE1PSW5OVU9NSGxyTmFabkduMiIsImlhdCI6MTYyMDIxMTE5MywiZXhwIjoxNjIwMjE0NzkzLCJlbWFpbCI6InlvYXZAY2xvdWRpbmFyeS5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiZmlyZWJhc2UiOnsiaWRlbnRpdGllcyI6eyJnb29nbGUuY29tIjpbIjEwNzEwMTUyNzU2NTgzOTU0Nzg4MyJdLCJlbWFpbCI6WyJ5b2F2QGNsb3VkaW5hcnkuY29tIl19LCJzaWduX2luX3Byb3ZpZGVyIjoiZ29vZ2xlLmNvbSJ9fQ.grIXaGN9-Ue92EZqN7NNgoUo3vQF8zxApvHZ6IvucWIQOJKDMJnSxEvWGH6P7vg4ETQldgg1VtLNC-eRhE_417OJYKkqpTutsT6mihUgiAHmFoVWcrcgDFn0PSi0eznqFiYq36OpAJQo8CiaMIrFeyqrhe9qQUdhKvz-1XzksbsKc1gna-6yVcdaQtcEfsmmrMJnfK9MQ1MsE2_F3ooVzV5Ym1b_6cFNAilBPHThIVn7kZ64kTBqTOUon06PV3uD_Svv3X3B971cW9oXSnZGZDEJs6fP0vHyKhakFrNVNwcgbhPnJ7WIkNjh0WuG3yYMSNn8LauZMllHP2iV3nICAA',
>      validDuration: 432000
>    },
>    timeout: 25000
>  }

so it looks like the emulated auth service is failing when given the id token from the IDP...

Im not sure what else I'm missing. Havent been able to find anything online regarding this specific issue.

Last thing that might be relevant - im running on node 14.15.1

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
poeticGeek
  • 1,001
  • 10
  • 14
  • Did you find a solution for this? I seem to have the same problem! – adius Jun 09 '21 at 22:28
  • @adius unfortunately no. I worked around it by enabling password login only in dev (with the emulator). This allows me to work in dev just (or almost) as well as in Prod so it was good enough. Especially in our current timeline pressure. – poeticGeek Jun 13 '21 at 12:54
  • I'm not sure if this work for you. I just had (maybe) similar issue with sign in anonymous from flutter, yet it solved just by flutter clean. – Ryde Jun 24 '21 at 09:04
  • nvm, its not working still INVALID_REFRESH_TOKEN error for me. I need to reinstall my app on emulator to make it work (but with new id created). – Ryde Jun 24 '21 at 21:16

1 Answers1

1

I had the same issue.

It turned out that the token I was trying to validate was actually coming from my production authentication instance and not the emulator.

To fix it, I had to tell my app to use the emulator for authentication instead:

const auth = firebase.auth();
auth.useEmulator("http://localhost:9099");

More information at here.

Wiley
  • 21
  • 5