firebase-auth-cloudflare-workers
firebase-auth-cloudflare-workers copied to clipboard
Code-Hex
fixed iat error of 1 second earlier
Error I encountered
I have encountered an issue with token verification where the iat claim is consistently 1 second ahead of the calculated current timestamp, resulting in verification errors.
Decoding Firebase ID token failed. Make sure you passed the entire string JWT
which represents an ID token. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for
details on how to retrieve an ID token. err: Error: Incorrect "iat" claim must be a older than
"1718141274" (iat: "1718141275")
Solution
I do not know the reason why, but I guess there is an calculation mismatch under 1000ms. I tested in my environment and figured out that Math.ceil fixes this problem to round the timestamp.
Justification
Honestly I do not know whether iat verification should be strict or not, however, I found that the same error is previously discussed on this Python repository and PR got merged. https://github.com/firebase/firebase-admin-python/pull/714 So IMO there is no reason to be strict and Math.ceil is somewhat valid solution.
Perhaps this error should be fixed comprehensively by adding clockSkewInSeconds args.
