
I reproduced a library to verify Firebase tokens, based on this repo. My app uses an Azure Function as a backend, so after the user logs in, every action is sent to the Azure Function with the token, and the Azure Function validates that token and then responds with the results. The library takes the public key from here. I created an Azure Function to test this library. My request:

var client = new RestClient("http://localhost:7071/api/test-connection");
client.Timeout = -1;
var request = new RestRequest(Method.GET);
request.AddHeader("x-requested-with", "XMLHttpRequest");
request.AddHeader("Authorization", "Bearer <My Firebase Token>");
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);

I encountered an exception:

IDX10516: Signature validation failed. Unable to match key: 
kid: 'System.String'.
Exceptions caught:
 'System.Text.StringBuilder'. 
token: 'System.IdentityModel.Tokens.Jwt.JwtSecurityToken'. Valid Lifetime: 'System.Boolean'. Valid Issuer: 'System.Boolean'

I have spent over 2 days researching the reasons and solutions. A week ago my code worked well. Is the problem caused by the public keys I got from Google?

jazb
Young

1 Answer


I was getting the same error, and was having a really hard time debugging it.

Based on this answer, I added the following code to my Startup.cs:

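// IdentityModelEventSource lives in Microsoft.IdentityModel.Logging.
if (env.IsDevelopment())
{
    // Print real values (kid, token) in IDX error messages instead of type names.
    IdentityModelEventSource.ShowPII = true;
}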

Once I made this change and reproduced the error, I was able to see the actual value for kid (instead of kid: 'System.String' in my error message, I saw kid: 'ABCDEF' - not the real value, but hopefully you get the idea).

Next, I compared that value to the kid values listed here - and sure enough, that value was not present, hence the "unable to match key" error.

In my case, it turns out that I was not obtaining the token from Firebase correctly. I was making a request to https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword, but from the documentation I found this:

returnSecureToken boolean - Should always be true.

I was not setting this property in my request. After using a token obtained when setting this property correctly, I stopped getting the "IDX10516: Signature validation failed. Unable to match key" error in my C# code.

Donut
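The kid comparison described in the answer above, written out as an added example (it is not code from the question, the answer, or any library). It assumes the published key set is a JSON object that maps each kid to a PEM certificate; the class name, key ids, issuer and token below are constructed placeholders.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

static class KidDiagnostic
{
    static string FromBase64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Encoding.UTF8.GetString(
            Convert.FromBase64String(s + new string('=', (4 - s.Length % 4) % 4)));
    }

    // Only used to build the constructed sample token in Main.
    static string ToBase64Url(string json) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(json))
               .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Reads header and payload WITHOUT verifying the signature:
    // for diagnosis only, never as the basis of an authorization decision.
    public static string Diagnose(string jwt, string keySetJson)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) return "not a compact JWS (expected header.payload.signature)";

        using var header = JsonDocument.Parse(FromBase64Url(parts[0]));
        using var payload = JsonDocument.Parse(FromBase64Url(parts[1]));
        using var keys = JsonDocument.Parse(keySetJson); // assumed shape: { "<kid>": "<PEM>" }

        string kid = header.RootElement.TryGetProperty("kid", out var k) ? k.GetString() : null;
        string iss = payload.RootElement.TryGetProperty("iss", out var i) ? i.GetString() : null;
        var published = keys.RootElement.EnumerateObject().Select(p => p.Name).ToArray();
        string list = string.Join(", ", published);

        if (kid == null) return $"token header has no kid (iss={iss})";
        return published.Contains(kid)
            ? $"kid '{kid}' is published; check signature, issuer and audience instead"
            : $"kid '{kid}' (iss={iss}) is not among [{list}]: not signed with a published key";
    }

    static void Main()
    {
        // Constructed sample data: no real keys, tokens or issuers.
        string keySet = "{\"constructed-kid-1\":\"<PEM>\",\"constructed-kid-2\":\"<PEM>\"}";
        string token = ToBase64Url("{\"alg\":\"RS256\",\"kid\":\"constructed-kid-3\"}") + "." +
                       ToBase64Url("{\"iss\":\"https://issuer.example\"}") + ".c2ln";
        Console.WriteLine(Diagnose(token, keySet));
    }
}
```

Running the check on the raw bearer token before it reaches the validator shows the mismatched kid and the issuer without enabling ShowPII in the application.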