Google backend authenticate failure, base64 decoding fails at GoogleIdTokenVerifier.verify #1403

Closed
yerzhik opened this issue Oct 28, 2019 · 11 comments
Assignees
Labels
needs more info This issue needs more information from the customer to proceed. priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.


yerzhik commented Oct 28, 2019

Environment details

  1. OS type and version: Windows 7
  2. Java version: 8
  3. google-api-client version(s): 1.30.4

Steps to reproduce

  1. Follow steps in https://developers.google.com/identity/sign-in/web/backend-auth
  2. On backend: GoogleIdToken idToken = verifier.verify(googleToken); causes the issue

Code example

    try {
        GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(new NetHttpTransport(), getDefaultJsonFactory())
                // Specify the CLIENT_ID of the app that accesses the backend:
                .setAudience(Collections.singletonList(clientId))
                // Or, if multiple clients access the backend:
                //.setAudience(Arrays.asList(CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3))
                .build();

        GoogleIdToken idToken = verifier.verify(googleToken);
    } catch (GeneralSecurityException | IOException e) {
        // verify(String) declares both checked exceptions
        throw new IllegalStateException("ID token verification failed", e);
    }

Stack trace

verifier.verify runs up to BaseEncoding.class:

public final byte[] decode(CharSequence chars)

Remote debugger shows: "java.io.IOException: Unrecognized character: -"

External references such as API reference guides

https://developers.google.com/identity/sign-in/web/backend-auth

Any additional information below

In the remote Tomcat debugger I took the token ID and used it in
https://oauth2.googleapis.com/tokeninfo?id_token

It showed the decoded access token with all correct information.

@yoshi-automation yoshi-automation added triage me I really want to be triaged. 🚨 This issue needs some love. labels Oct 29, 2019
@codyoss codyoss self-assigned this Nov 5, 2019
@codyoss codyoss added priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. and removed 🚨 This issue needs some love. triage me I really want to be triaged. labels Nov 5, 2019
Member

codyoss commented Nov 5, 2019

Hey @yerzhik thanks for the report. I will investigate.

Member

codyoss commented Nov 22, 2019

@yerzhik how are you getting googleToken? Are you still having this issue?

@codyoss codyoss added the needs more info This issue needs more information from the customer to proceed. label Nov 22, 2019
Author

yerzhik commented Nov 23, 2019 via email

@zelda2626

> I downgraded the library version and the same code worked.

What version? I tried several and doesn't work...

Author

yerzhik commented Nov 25, 2019

> Hey @yerzhik thanks for the report. I will investigate.

I just followed official tutorial/example codes. I can put it here later today if needed.

@codyoss codyoss removed the needs more info This issue needs more information from the customer to proceed. label Nov 25, 2019
Member

codyoss commented Dec 16, 2019

@yerzhik could you share what version worked, and did not work for you? This verify code seems like it has been pretty stable so if there is something going on here I think it is in one of the dependencies of the lib.

@codyoss codyoss added the needs more info This issue needs more information from the customer to proceed. label Dec 16, 2019
@yoshi-automation yoshi-automation added 🚨 This issue needs some love. and removed 🚨 This issue needs some love. labels Mar 15, 2020

tobingj commented Apr 5, 2020

Looks like setAudience(Collections.singletonList(clientId)) is broken. Comment this code to verify the token. For example,

    GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(transport, jsonFactory)
            // Specify the CLIENT_ID of the app that accesses the backend:
            .setIssuer("accounts.google.com")
            //.setAudience(Arrays.asList(clientId))
            // Or, if multiple clients access the backend:
            // .setAudience(Arrays.asList(CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3))
            .build();

Member

codyoss commented Apr 22, 2020

I have tried to reproduce this on master, but was unsuccessful. Closing for now. If you are still having issues please reopen with more details. Thanks.

@codyoss codyoss closed this as completed Apr 22, 2020
@melvzgungog214

@codyoss I encountered same issue as this. I used google-api-client-1.30.9.jar. Please help me. I need to fix this ASAP.


melvzgungog214 commented May 21, 2020

@codyoss In frontend side, it's working fine but the problem is on verifying the id token. This is my code:

    if (StringUtils.isNotBlank(idtoken) && idtoken != null) {
        GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(new NetHttpTransport(), new JacksonFactory())
                .setAudience(Collections.singletonList(GOOGLE_CLIENT_ID))
                .build();

        try {
            GoogleIdToken idToken = verifier.verify(idtoken);

            if (idToken != null) {
                Payload payload = idToken.getPayload();

                String userId = payload.getSubject();
                logger.debug("User ID: " + userId);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

This is the error in my CLI:

java.lang.IllegalArgumentException: java.io.IOException: Unrecognized character: -
at com.google.common.io.BaseEncoding.decode(BaseEncoding.java:237)
at com.google.api.client.util.Base64.decodeBase64(Base64.java:101)
at com.google.api.client.json.webtoken.JsonWebSignature$Parser.parse(JsonWebSignature.java:536)
at com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.parse(GoogleIdToken.java:58)
at com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier.verify(GoogleIdTokenVerifier.java:191)

I used play-1.4.6 JAVA Framework
JAVA VERSION Details:
openjdk version "1.8.0_242"
OpenJDK Runtime Environment (AdoptOpenJDK)(build 1.8.0_242-b08)
OpenJDK 64-Bit Server VM (AdoptOpenJDK)(build 25.242-b08, mixed mode)

OS: MACOS Catalina

Any thoughts here? @codyoss


melvzgungog214 commented May 21, 2020

FYI, @codyoss I created separate issue of this and it is under #1529
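
Added example, not code from this thread or from google-api-java-client: a JDK-only check showing that `-` is a legal character in the base64url alphabet used for JWT segments (RFC 4648 §5) but not in standard base64, plus a lookup of which jar supplies `com.google.common.io.BaseEncoding`, the class at the top of the stack trace above. The class name `IdTokenSegmentCheck`, its methods and the sample token are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.CodeSource;
import java.util.Base64;

public class IdTokenSegmentCheck {
    /** True if the given decoder accepts the segment. */
    static boolean decodes(Base64.Decoder decoder, String segment) {
        try {
            decoder.decode(segment);
            return true;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    /** Prints, for each JWS segment, which Base64 alphabet accepts it. */
    static void inspect(String token) {
        String[] parts = token.split("\\.");
        if (parts.length != 3) {
            System.out.println("not a compact JWS: " + parts.length + " segment(s)");
            return;
        }
        String[] names = {"header", "payload", "signature"};
        for (int i = 0; i < parts.length; i++) {
            System.out.printf("%-9s base64url=%-5b base64=%b%n", names[i],
                    decodes(Base64.getUrlDecoder(), parts[i]),
                    decodes(Base64.getDecoder(), parts[i]));
        }
    }

    /** Names the jar that supplies BaseEncoding, the class at the top of the trace. */
    static String baseEncodingSource() {
        try {
            CodeSource src = Class.forName("com.google.common.io.BaseEncoding")
                    .getProtectionDomain().getCodeSource();
            return src == null ? "unknown" : String.valueOf(src.getLocation());
        } catch (ClassNotFoundException e) {
            return "com.google.common.io.BaseEncoding is not on the classpath";
        }
    }

    public static void main(String[] args) {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        // Constructed, unsigned sample (not a real token); the last three bytes encode to "-_--".
        String sample = enc.encodeToString("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8))
                + "." + enc.encodeToString("{\"iss\":\"accounts.google.com\"}".getBytes(StandardCharsets.UTF_8))
                + "." + enc.encodeToString(new byte[] {(byte) 0xfb, (byte) 0xff, (byte) 0xbe});
        inspect(sample);
        System.out.println("BaseEncoding loaded from: " + baseEncodingSource());
    }
}
```

In the trace the exception is raised inside `GoogleIdToken.parse`, before the verifier reaches any audience or issuer check, so the `setAudience` call has no part in the decode failure and is best left in place while the decoder is investigated.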
