How to verify Google signin (via Firebase) idToken in nodejs backend?

Trying to verify the idToken of a user signed in via Firebase Authentication (Google sign-in) on a Node.js server. The server throws 'Firebase ID token has invalid signature'.

Tried verifying with firebase-admin as well as jsonwebtoken with the public key from the URL: https://www.googleapis.com/robot/v1/metadata/x509/[email protected]. Both methods work perfectly for users signed in with a password, but throw 'Invalid Signature' in the case of a user signed in via Google.

Is there anything I am doing wrong? Do I need to verify with google-auth-library instead?

Code:

import * as admin from "firebase-admin";

admin.initializeApp({
  credential: admin.credential.cert(require("../../serviceAccount")), // file received from firebase project settings page
  databaseURL: "as mentioned in the firebase project settings page",
});

// Some code here

var token = "token received from client side";
var decoded = await admin.auth().verifyIdToken(token);

PS:

  • All client side features (after signing in) are working fine.
  • Everything else on the backend is working fine.
  • Decoding the token in both cases gives expected JSON.
  • For the test run, the token is being forceRefreshed every time before calling the API.


Solution 1:[1]

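const { OAuth2Client } = require("google-auth-library");

// googleClient is not defined in the original answer; it is assumed here to be
// a map from environment name to OAuth client ID, defined elsewhere.
const client = new OAuth2Client(googleClient[process.env.ENV]);
// Sample value; the function below receives the real ID token as its argument.
let token = "123456789011-crhch2kuum79bk0qr3usa39f7b9chikc.apps.googleusercontent.com";

// Verify a Google ID token; return its payload, or the error message on failure.
async function googleLoginVerify(token) {
  try {
    const ticket = await client.verifyIdToken({
      idToken: token,
      audience: googleClient[process.env.ENV], // the token's aud claim must match this client ID
    });
    const payLoad = ticket.getPayload();

    return {
      success: true,
      data: payLoad,
    };

  } catch (err) {
    console.log(err.message);
    return {
      success: false,
      message: err.message,
    };
  }
}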
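
The question uses firebase-admin and the answer uses google-auth-library, and each accepts a different kind of ID token: Firebase ID tokens carry the issuer https://securetoken.google.com/<project-id>, Google ID tokens carry accounts.google.com. The following is an added example, not part of the original question or answer, that reads the unverified claims of a token to show which of the two verifiers it belongs to; the project ID, client ID and kid values are constructed.

```javascript
// Added example: read the UNVERIFIED header and claims of an ID token to see
// which issuer minted it, so it can be handed to the matching verifier.
// Nothing returned here may be trusted until that verifier accepts the signature.
const b64url = (obj) =>
  Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

function classifyIdToken(jwt) {
  const parts = typeof jwt === "string" ? jwt.split(".") : [];
  if (parts.length !== 3) return { kind: "malformed" };
  let header, claims;
  try {
    header = decodeSegment(parts[0]);
    claims = decodeSegment(parts[1]);
  } catch {
    return { kind: "malformed" };
  }
  if (!header || !claims) return { kind: "malformed" };
  const base = { alg: header.alg, kid: header.kid, iss: claims.iss, aud: claims.aud };
  const FIREBASE_ISS = "https://securetoken.google.com/";
  // Firebase ID token: iss ends with the project ID and aud equals that project ID.
  if (typeof claims.iss === "string" && claims.iss.startsWith(FIREBASE_ISS) &&
      claims.iss.slice(FIREBASE_ISS.length) === claims.aud) {
    return { ...base, kind: "firebase", verifier: "firebase-admin verifyIdToken",
             provider: claims.firebase && claims.firebase.sign_in_provider };
  }
  // Google ID token: issued by accounts.google.com, aud is an OAuth client ID.
  if (claims.iss === "accounts.google.com" || claims.iss === "https://accounts.google.com") {
    return { ...base, kind: "google", verifier: "google-auth-library verifyIdToken" };
  }
  return { ...base, kind: "unknown" };
}

// Constructed sample tokens (fake signatures, hypothetical project and client IDs).
const sampleFirebase = [b64url({ alg: "RS256", kid: "constructed-kid-1" }),
  b64url({ iss: "https://securetoken.google.com/demo-project", aud: "demo-project",
           firebase: { sign_in_provider: "google.com" } }), "c2ln"].join(".");
const sampleGoogle = [b64url({ alg: "RS256", kid: "constructed-kid-2" }),
  b64url({ iss: "https://accounts.google.com",
           aud: "000000000000-example.apps.googleusercontent.com" }), "c2ln"].join(".");

console.log(classifyIdToken(sampleFirebase), classifyIdToken(sampleGoogle));
```

Logging the `kind`, `aud` and `kid` of a rejected token on the server shows whether the client sent the provider's token or the Firebase one before any key material is compared.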

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 vantaku ramesh