Invalid token signature

[dpkjain]

Error: Invalid token signature: token_here
    at OAuth2Client.verifySignedJwtWithCertsAsync (E:\Node\node_modules\google-auth-library\build\src\auth\oauth2client.js:562:19)
    at processTicksAndRejections (internal/process/task_queues.js:94:5)
    at async OAuth2Client.verifyIdTokenAsync (E:\Node\node_modules\google-auth-library\build\src\auth\oauth2client.js:392:23)
    at async verify (E:\Node\app.js:6:20)

const verified = await crypto.verify(cert, signed, signature);
if (!verified) {
  throw new Error('Invalid token signature: ' + jwt);
}

getting the error on these lines.

The token is obtained using googleAuthentication on flutter.

Here is the code snippet of Node

const {OAuth2Client} = require('google-auth-library');
const client = new OAuth2Client(CLIENT_ID);
async function verify() {
  const ticket = await client.verifyIdToken({
    idToken: token,
    audience: CLIENT_ID, // Specify the CLIENT_ID of the app that accesses the backend
    // Or, if multiple clients access the backend:
    //[CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3]
  });
  const payload = ticket.getPayload();
  const userid = payload['sub'];
  console.log(payload);
  console.log(userid);
}

Token I am getting in Flutter application -

final GoogleSignInAuthentication googleAuth = await currentUser.authentication;
googleAuth.idToken;
googleAuth.accessToken

[tiagocorreiaalmeida]

@dpkjain have you figured out what's wrong? Facing the same issue

[longmaba]

Same issue here guys

[masterhood13]

also have this issue

[omkartralsawala]

Still facing this issue
can we open this again if it's not resolved

[quocbahuynh]

check your token again. Something miss

[pr0con]

hi im using google-auth-library and am getting this same error but it works with node i just installed each so this is the latest version of bun as of today

630 |         if (envelope.alg === 'ES256') {
631 |             signature = formatEcdsa.joseToDer(signature, 'ES256').toString('base64');
632 |         }
633 |         const verified = await crypto.verify(cert, signed, signature);
634 |         if (!verified) {
635 |             throw new Error('Invalid token signature: ' + jwt);
                      ^
error: Invalid token signature: eyJhbGci

The Validation Function looks lik this

async function verifyGoogleJWT(data) {
	console.log(data);
	
	try {				
		const ticket = await gauth_client.verifyIdToken({
			idToken: data.credential,
			audience: config.google.oauth.client_id,  // Specify the CLIENT_ID of the app that accesses the backend
		});

If i run the app with Node it works fine and the token checks out..

[ruslanjan]

hi im using google-auth-library and am getting this same error but it works with node i just installed each so this is the latest version of bun as of today

630 |         if (envelope.alg === 'ES256') {
631 |             signature = formatEcdsa.joseToDer(signature, 'ES256').toString('base64');
632 |         }
633 |         const verified = await crypto.verify(cert, signed, signature);
634 |         if (!verified) {
635 |             throw new Error('Invalid token signature: ' + jwt);
                      ^
error: Invalid token signature: eyJhbGci

The Validation Function looks lik this

async function verifyGoogleJWT(data) {
	console.log(data);
	
	try {				
		const ticket = await gauth_client.verifyIdToken({
			idToken: data.credential,
			audience: config.google.oauth.client_id,  // Specify the CLIENT_ID of the app that accesses the backend
		});

If i run the app with Node it works fine and the token checks out..

@pr0con
did you found any solutions for this?

[SnowMarble]

I found there's wrong algorithm on the code.