google-signin-unity

Invalid token signature

Open twsv opened this issue 6 years ago • 3 comments

I have searched on the internet and also tried troubleshooting on my own but I was unable to find a solution.

I followed the guide on https://developers.google.com/identity/sign-in/android/start and two OAuth 2.0 client IDs were created automatically on Step 2. One of them is with the name OAuth Client and the other is Web client (Auto-created for Google Sign-in).

I copied the Client ID from the Web client (Auto-created for Google Sign-in) and used it in a script of mine in the Awake().

List<string> scopes = new List<string> { "email" };

m_GoogleConfiguration = new GoogleSignInConfiguration
{
    WebClientId = "numbersAndAlphabetsYadaYada.apps.googleusercontent.com",
    AdditionalScopes = scopes,
    RequestIdToken = true,
    RequestAuthCode = true
};

After that, I have created a button that executes this

GoogleSignIn.Configuration = m_GoogleConfiguration;
GoogleSignIn.Configuration.UseGameSignIn = false;
GoogleSignIn.Configuration.RequestIdToken = true;
GoogleSignIn.DefaultInstance.SignIn().ContinueWith(OnLoginSuccess);

When I received the event in my function internal void OnLoginSuccess(Task<GoogleSignInUser> task), I stored the task.Result.IdToken and sent it to my NodeJS server.

When the message arrives on my NodeJS server, I tried to authenticate the id token via the function below.

const { OAuth2Client } = require('google-auth-library');

const m_GoogleClient = new OAuth2Client("numbersAndAlphabetsYadaYada.apps.googleusercontent.com");

async function ValidateGoogleToken(token)
{
    try
    {
        const ticket = await m_GoogleClient.verifyIdToken(
        {
            idToken: token,
            audience: "numbersAndAlphabetsYadaYada.apps.googleusercontent.com"
        });
        const payload = ticket.getPayload();
        const userid = payload['sub'];
        return userid;
    }
    catch (err)
    {
        // Log the verification failure instead of silently swallowing it
        console.error(err.message);
        return null;
    }
}

However, I am receiving the error Invalid token signature: eyJhbGciOiJSUzI1NiIsImtpZCI6ImRmOGQ5ZWU0MDNiY2M3MTg1YWQ1MTA0MTE. I have shortened the error as it was extremely long with lots of numbers and alphabets.

I have also tried to copy the id token and access https://oauth2.googleapis.com/tokeninfo?id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6ImRmOGQ5ZWU0MDNiY2M3MTg1YWQ1MTA0MTE

However, I am getting

{
  "error": "invalid_token",
  "error_description": "Invalid Value"
}

Can anyone tell me what might possibly have gone wrong?

Extra information:

  1. My keystore was created using Unity 2019.2.0f1 Keystore Manager.

  2. I have used this keystore to configure my Google Project in step 2 of https://developers.google.com/identity/sign-in/android/start

  3. My package name is definitely the same as when I generated the SHA1 using keytool -exportcert -list -v -alias "game" -keystore C:\path\game.keystore

  4. The credentials.json created from step 2 of https://developers.google.com/identity/sign-in/android/start looks different from the sample on https://github.com/googlesamples/google-signin-unity

{"web":{"client_id":"numbersAndAlphabetsYadaYada.apps.googleusercontent.com","project_id":"game","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://oauth2.googleapis.com/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_secret":"something"}}

While the sample shown is

"oauth_client": [
        {
          "client_id": "411000067631-hmh4e210xxxxxxxxxx373t3icpju8ooi.apps.googleusercontent.com",
          "client_type": 3
        },
        {
          "client_id": "411000067631-udra361txxxxxxxxxx561o9u9hc0java.apps.googleusercontent.com",
          "client_type": 1,
          "android_info": {
            "package_name": "com.your.package.name.",
            "certificate_hash": "7ada045cccccccccc677a38c91474628d6c55d03"
          }
        }
      ]

  5. NodeJS Validation function was gotten from https://developers.google.com/identity/sign-in/android/backend-auth

Please kindly assist if possible. Thank you very much.

twsv, Aug 19 '19 09:08

Hi, did you find out why this was happening? I'm getting the same error.

Update:

Finally found out the issue. Copy pasting my own answer to an SO question:

In my case, I was testing this in Unity and I copied the idToken value that I printed in logcat. Turns out, there is some character or size limit (1024 bytes?) for a line in either adb logcat or Unity's Debug.Log() method. So the printed token value was getting truncated. What I did then for testing was that I copied the token value to clipboard during runtime and then checked again with the tokeninfo endpoint https://oauth2.googleapis.com/tokeninfo?id_token= and it was accepted.

chandujr, Oct 13 '21 15:10

@twsv Hi, did you find a solution on this?

Amrazyan, Mar 23 '23 13:03

My code was working just fine, then suddenly I get an error like message invalid token, _verify_iat_and_exp(payload, clock_skew_in_seconds) google.auth.exceptions.InvalidValue: Token used too early, 1688573306 < 1688573308. Check that your computer's clock is set correctly.

souravahmed1, Jul 05 '23 16:07
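
The two failure modes reported in this thread (a token cut short by a log line limit, and a verifier clock slightly behind the token's `iat`) can be told apart offline before calling `verifyIdToken`. The following is an added example, not code from any commenter or from google-signin-unity; `triageIdToken`, `makeSampleToken`, `skewSec` and the 256-byte signature length (RS256 with a 2048-bit key) are assumptions, and the sample token is constructed.

```javascript
// Added example: offline triage of an ID token before verifyIdToken().
// It does NOT check the signature; it only reports why verification would fail.
const decodeSeg = (seg) => Buffer.from(seg, 'base64url');

// skewSec is a hypothetical tolerance, analogous to clock_skew_in_seconds
// in the Python traceback quoted in the thread.
function triageIdToken(token, nowSec = Math.floor(Date.now() / 1000), skewSec = 0) {
  const parts = token.split('.');
  if (parts.length !== 3) return 'truncated-or-malformed'; // cut before the signature
  if (!parts.every((p) => /^[A-Za-z0-9_-]+$/.test(p))) return 'bad-characters';
  let header, payload;
  try {
    header = JSON.parse(decodeSeg(parts[0]).toString('utf8'));
    payload = JSON.parse(decodeSeg(parts[1]).toString('utf8'));
  } catch (e) {
    return 'truncated-or-malformed'; // header or payload is not complete JSON
  }
  // Assumption: RS256 with a 2048-bit key, so the signature is exactly 256 bytes.
  if (header.alg === 'RS256' && decodeSeg(parts[2]).length !== 256) {
    return 'signature-truncated';
  }
  if (payload.iat - skewSec > nowSec) return 'used-too-early'; // verifier clock is behind
  if (payload.exp + skewSec < nowSec) return 'expired';
  return 'structurally-ok'; // still needs real signature and audience verification
}

// Constructed sample token: fake claims and dummy signature bytes, not a real credential.
function makeSampleToken(iat, exp) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const header = enc({ alg: 'RS256', kid: 'constructed-key-id', typ: 'JWT' });
  const payload = enc({
    iss: 'https://accounts.google.com',
    aud: 'example.apps.googleusercontent.com',
    sub: '0000', email: 'user@example.com', iat, exp,
    pad: 'x'.repeat(450), // filler so the token is longer than 1024 characters
  });
  return `${header}.${payload}.${Buffer.alloc(256, 0xab).toString('base64url')}`;
}

const sample = makeSampleToken(1688573308, 1688573308 + 3600);
console.log(triageIdToken(sample, 1688573400));                // structurally-ok
console.log(triageIdToken(sample.slice(0, 1024), 1688573400)); // signature-truncated
console.log(triageIdToken(sample, 1688573306));                // used-too-early
console.log(triageIdToken(sample, 1688573306, 10));            // structurally-ok
```

A result of `structurally-ok` only rules out these transport and clock problems; the token must still pass `verifyIdToken` with the expected audience.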