0

So I was working with my Firebase project using just html and PHP, and sometimes when I logging in, it keeps telling me that my token was issued in the future. It happens again and again, I have no idea how to stop it.

enter image description here

Is there a way to make a new token? So that I finally can log in? Thank you.

Code :

login-process.php

if (isset($_POST['login_btn'])) {
    $email = $_POST['email'];
    $clearTextPassword = $_POST['pwd'];

    try {
       $user = $auth->getUserByEmail("$email");

       try {
          $signInResult = $auth->signInWithEmailAndPassword($email, $clearTextPassword);
          $idTokenString = $signInResult->idToken();

          try {
             $verifiedIdToken = $auth->verifyIdToken($idTokenString);
             $uid = $verifiedIdToken->claims()->get('sub');
             $_SESSION['verified_user_id'] = $uid;
             $_SESSION['idTokenString'] = $idTokenString;

             $_SESSION['status'] = "Login Success.";
             header('Location: home.php');
             exit();

          } catch (FailedToVerifyToken $e) {
                $_SESSION['status_error'] = "The token is invalid: " . $e->getMessage();
                header('Location: login.php');
                exit();
          }

      } catch (Exception $e) {
         $_SESSION['status_error'] = "Email atau kata sandi salah. Coba lagi.";
         header('Location: login.php');
         exit();
      }

   } catch (\Kreait\Firebase\Exception\Auth\UserNotFound $e) {
      $_SESSION['status_error'] = $e->getMessage();
      header('Location: login.php');
      exit();
   }

} else {
    $_SESSION['status_error'] = "Not Allowed.";
    header('Location: login.php');
    exit();
}

auth.php (this file is included in every files that user needs to be logged in first)

if (isset($_SESSION['verified_user_id'])) {

    $uid = $_SESSION['verified_user_id'];
    $idTokenString = $_SESSION['idTokenString'];

    try {
        $verifiedIdToken = $auth->verifyIdToken($idTokenString);

    } catch (FailedToVerifyToken $e) {
        $_SESSION['expire_status'] = "Token Expired/Invalid. Please Login again.";
        header('Location: logout.php');
        exit();
    }

} else {
    $_SESSION['status_error'] = "Please Log in First.";
    header('Location: login.php');
    exit();
}
Marc Anthony B
  • 3,635
  • 2
  • 4
  • 19
Kurokumo
  • 3
  • 3
  • Can you share your code how you are logging in and tokens are generated? – Dharmaraj Sep 11 '22 at 12:53
  • I've added it. Can you check it out? – Kurokumo Sep 11 '22 at 13:17
  • Sign in code looks fine to me. Can you try printing the ID Token and use [JSToolset](https://www.jstoolset.com/jwt) to check the contents of JWT and share the relevant info like the issuer and times? – Dharmaraj Sep 11 '22 at 13:59
  • Sounds like your PHP server has a clock issue – Phil Sep 26 '22 at 02:42
  • You may want to check [this](https://firebase-php.readthedocs.io/en/4.x/troubleshooting.html#id-tokens-are-issued-in-the-future) out. – Marc Anthony B Sep 26 '22 at 03:10
  • Thank you everyone, I forgot to tell you that now it's okay, I can login multiple times at anytime. Looks like the problem I was having that day was I use localhost (xampp) to login and verifying the token, and that's why it keeps telling the error. Thank you again. – Kurokumo Oct 01 '22 at 00:28

0 Answers0