'Firebase ID token has incorrect audience (aud) claim. Expected Make sure the ID token comes from the same Firebase project as the

I use Firebase Admin .NET SDK with the .Net 6 web API project for Google login. The below code is working fine in the local environment. But when I published the app to Azure App service it gives the below error. I think the issue here is with initializing the "FirebaseAdminSdk.json" file. Do you know how to do it in production?

Firebase ID token has incorrect audience (aud) claim. Expected my-firebase-project-id but got 272437162012-hagu0iffquo1lb3ko07qtpgenluswaebr.apps.googleusercontent.com. Make sure the ID token comes from the same Firebase project as the credential used to initialize this SDK

Extension method

 public static void ConfigureFirebaseAdminSdk(this IServiceCollection services,
        IConfiguration configuration)
    {
       
        var pathToFirebaseAdminSdk = Path.Combine(Directory.GetCurrentDirectory(),
                           "keys", "FirebaseAdminSdk.json"); // I think problem is here

        FirebaseApp.Create(new AppOptions
        {
            Credential = GoogleCredential.FromFile(pathToFirebaseAdminSdk)
        });

        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
               .AddJwtBearer(options =>
               {
                   var firebaseProjectId = configuration["FirebaseProjectId"];

                   var firebaseSecureTokenUrl = configuration["FirebaseSecureTokenUrl"];

                   options.Authority = firebaseSecureTokenUrl + firebaseProjectId;

                   options.TokenValidationParameters = new TokenValidationParameters
                   {
                       ValidateIssuer = true,
                       ValidIssuer = firebaseSecureTokenUrl + firebaseProjectId,
                       ValidateAudience = true,
                       ValidAudience = firebaseProjectId,
                       ValidateLifetime = true
                   };
               });
    }
c++sharp.netfirebaseazure-devopsfirebase-authentication


Solution 1:[1]

As the error message says, your FirebaseAdminSdk.json is for a different project than where you are running the code. From the my-firebase-project-id in the message it seems that it may be from your local emulator project.

You will need to make sure the JSON file and the configuration["FirebaseProjectId"] are for the same project.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Frank van Puffelen

Related Questions