php-jwt: Invalid Custom Token

I'm using custom token auth on Firebase. I tried to generate the token as the documentation said, but when I try to log in on the client side with the `loginWithCustomToken(token)` method, it gives the error below:

```json
{
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "invalid",
    "message": "INVALID_CUSTOM_TOKEN"
   }
  ],
  "code": 400,
  "message": "INVALID_CUSTOM_TOKEN"
 }
}
```

I generate the token with this code block, as described in the Firebase documentation:

```php
$service_account_email = "USED_FROM_JSON_FILE";
$private_key = "USED_FROM_JSON_FILE";

function create_custom_token($uid, $is_premium_account) {
  global $service_account_email, $private_key;

  $now_seconds = time();
  $payload = array(
    "iss" => $service_account_email,
    "sub" => $service_account_email,
    "aud" => "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",
    "iat" => $now_seconds,
    "exp" => $now_seconds+(60*60),  // Maximum expiration time is one hour
    "uid" => $uid,
    "claims" => array(
      "premium_account" => $is_premium_account
    )
  );
  return JWT::encode($payload, $private_key, "RS256");
}
```

About this issue

  • State: closed
  • Created 8 years ago
  • Reactions: 4
  • Comments: 20

Most upvoted comments

I’ve figured out the problem in my case. It was the wrong time on the server, so the “iat” and “exp” dates were wrong.

```php
<?php
// Requires: composer require firebase/php-jwt
use \Firebase\JWT\JWT;

// Get your service account's email address and private key from the JSON key file
$service_account_email = "";
$private_key = "";

function create_custom_token($cedula, $is_premium_account) {
  global $service_account_email, $private_key;

  $now_seconds = time();
  $payload = array(
    "iss" => $service_account_email,
    "sub" => $service_account_email,
    "aud" => "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",
    "iat" => $now_seconds,
    "exp" => $now_seconds+(60*60),  // Maximum expiration time is one hour
    "uid" => $cedula,
    "claims" => array(
      "premium_account" => $is_premium_account
    )
  );
  // Pass the algorithm explicitly, as in the code at the top of this issue
  return JWT::encode($payload, $private_key, "RS256");
}
?>
```

@rldaulton yes, I have this error because I try to create my custom token in Node, but in Node you have a method for that; in PHP it works fine.

@diamond-darrell Thanks!! You saved me from pulling my hair out while testing.

Hello! Thank you for filing this.

I unfortunately cannot duplicate this issue. The above sample validated as expected. I would verify the following:

  1. The service account email matches the private key
  2. The project tied to the service account matches your Firebase config (i.e. authDomain)
  3. The token being passed to loginWithCustomToken is correct

Unfortunately, the error message being returned from the API is not very helpful, so it could be any of these things or something else.

If you think there is a problem with the documentation, click Send Feedback in the top right corner of the documentation page and tell us the problem.
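
The checks suggested in this thread (the claims in the posted payload, plus the server-clock cause reported in the comments) can be run against a generated token before it reaches the client. The following is an added example, not code from the thread or from php-jwt; `diagnose_custom_token`, `segment_to_array`, `b64url`, the sample email and the timestamps are assumptions made for illustration, and it inspects claims only without verifying the signature.

```php
<?php
// Added example: claim checks only. The signature is NOT verified here.
const FIREBASE_AUD = 'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit';

// Decode one base64url JWT segment into an array, or null if it is malformed.
function segment_to_array(string $segment): ?array {
    $b64 = strtr($segment, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $raw = base64_decode($b64, true);
    $data = $raw === false ? null : json_decode($raw, true);
    return is_array($data) ? $data : null;
}

// $trusted_now is Unix time from a clock you trust (assumption: the caller supplies it),
// so a drifting server clock shows up as a finding instead of hiding itself.
function diagnose_custom_token(string $jwt, string $email, int $trusted_now, int $leeway = 60): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return ['token does not have three segments'];
    $header = segment_to_array($parts[0]);
    $claims = segment_to_array($parts[1]);
    if ($header === null || $claims === null) return ['header or payload is not base64url JSON'];

    $problems = [];
    if (($header['alg'] ?? null) !== 'RS256') $problems[] = 'alg is not RS256';
    if (($claims['iss'] ?? null) !== $email) $problems[] = 'iss is not the service account email';
    if (($claims['sub'] ?? null) !== $email) $problems[] = 'sub is not the service account email';
    if (($claims['aud'] ?? null) !== FIREBASE_AUD) $problems[] = 'aud is not the Identity Toolkit audience';
    $uid = $claims['uid'] ?? null;
    if (!is_string($uid) || $uid === '') $problems[] = 'uid is missing, empty, or not a string';
    $iat = $claims['iat'] ?? null;
    $exp = $claims['exp'] ?? null;
    if (!is_int($iat) || !is_int($exp)) return array_merge($problems, ['iat/exp missing or not integers']);
    if ($exp - $iat > 3600) $problems[] = 'lifetime exceeds one hour';
    if ($iat > $trusted_now + $leeway) $problems[] = 'iat is in the future (server clock ahead)';
    if ($exp <= $trusted_now) $problems[] = 'exp is in the past (old token, or server clock behind)';
    return $problems;
}

// Constructed sample: unsigned token minted by a server whose clock runs two hours fast,
// with an integer uid. All values below are made up for the demonstration.
function b64url(array $d): string { return rtrim(strtr(base64_encode(json_encode($d)), '+/', '-_'), '='); }
$email = 'svc@example-project.iam.gserviceaccount.com';
$now = 1700000000;
$claims = ['iss' => $email, 'sub' => $email, 'aud' => FIREBASE_AUD,
           'iat' => $now + 7200, 'exp' => $now + 10800, 'uid' => 42];
$token = b64url(['alg' => 'RS256', 'typ' => 'JWT']) . '.' . b64url($claims) . '.c2ln';
print_r(diagnose_custom_token($token, $email, $now));
```

An empty result means the claims are well-formed; a mismatch between the service account email and the private key, or a wrong project, still has to be checked separately.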