Hello I have an issue with IdentityServer 4.
When we intiate a cal to IDP with Swagger for the first time I can get a token
[12:36:21 DBG] Getting claims for identity token for subject: 3680d5aa-4b35-4e39-a1ce-cfbc6961f4c3 and client: Idp.UserIdentitySwagger
[12:36:21 DBG] In addition to an id_token, an access_token was requested. No claims other than sub are included in the id_token. To obtain more user claims, either use the user info endpoint or set AlwaysIncludeUserClaimsInIdToken on the client configuration.
[12:36:21 VRB] Creating JWT identity token
[12:36:21 INF] {"ClientId": "Idp.UserIdentitySwagger", "ClientName": "Idp.UserIdentity Swagger", "RedirectUri": null, "Endpoint": "Token", "SubjectId": "3680d5aa-4b35-4e39-a1ce-cfbc6961f4c3", "Scopes": "openid profile email", "GrantType": "authorization_code", "Tokens": [{"TokenType": "id_token", "TokenValue": "****dlrQ", "$type": "Token"}, {"TokenType": "access_token", "TokenValue": "****g_rw", "$type": "Token"}], "Category": "Token", "Name": "Token Issued Success", "EventType": "Success", "Id": 2000, "Message": null, "ActivityId": "0HMJ7TTLK79RA:0000000E", "TimeStamp": "2022-07-17T12:36:21.0000000Z", "ProcessId": 1, "LocalIpAddress": "10.244.1.16:443", "RemoteIpAddress": "10.244.0.9", "$type": "TokenIssuedSuccessEvent"}
[12:36:21 VRB] Identity token issued for Idp.UserIdentitySwagger (Idp.UserIdentity Swagger) / 3680d5aa-4b35-4e39-a1ce-cfbc6961f4c3: eyJhbGciOiJSUzI1NiIsImtpZCI6IjIzNTJFMjcwQkFDQjUwMDAwNjM1NkY3RjIwRDM0MEIwQjk3NDRCRThSUzI1NiIsInR5cCI6IkpXVCIsIng1dCI6IkkxTGljTHJMVUFBR05XOV9JTk5Bc0xsMFMtZyJ9.eyJuYmYiOjE2NTgwNjEzODEsImV4cCI6MTY1ODA2NDk4MSwiaXNzIjoiaHR0cHM6Ly9pZHAub3Vpb3VpZGlzY291bnQuY29tIiwiYXVkIjoiSWRwLlVzZXJJZGVudGl0eVN3YWdnZXIiLCJpYXQiOjE2NTgwNjEzODEsImF0X2hhc2giOiJFWWRZYWtpb0ZFUTN6Z19qeHZ1Umd3Iiwic19oYXNoIjoiMUxYeTNQMXpaOTZiU2lDWjBrRmNBZyIsInNpZCI6IjYzREQ4OEQ5QTQ0NEEyRDQzRDU1QUNBMjYyQTM1MTc3Iiwic3ViIjoiMzY4MGQ1YWEtNGIzNS00ZTM5LWExY2UtY2ZiYzY5NjFmNGMzIiwiYXV0aF90aW1lIjoxNjU4MDYxMzczLCJpZHAiOiJsb2NhbCIsImFtciI6WyJwd2QiXX0.kyOSEob49JTd10Wmz3YMgg48MB-RRWmSJ6JB2dZeu-0r8WPOK69XXlq74bGAoyV6DwytsyTOmwb7h5Wnu5zcgbHFJ_ycGAi5PwOiO1clyDIpYW5ql__SZ2JH31ppuRg616eDaX0M2p9PFfW4MBSM1d4p69aWrbqAmuj8g833VjtZOFkZcgS6OZotqbM_zxOGLhfkzwJQtDjHdh1_imJp80fa4uv_0KOpWc62hclOXcBS8oKvgQYyeeS8AIXGrIBoNII8ZQ8yK-BrqOAjm4f1PVyyhQa8P19gXWoASQL6EHb-zCUo5VUXAu7bukBb4JNNzk8jUTCWvSUo9z4_rDdlrQ
[12:36:21 VRB] Access token issued for Idp.UserIdentitySwagger (Idp.UserIdentity Swagger) / 3680d5aa-4b35-4e39-a1ce-cfbc6961f4c3: eyJhbGciOiJSUzI1NiIsImtpZCI6IjIzNTJFMjcwQkFDQjUwMDAwNjM1NkY3RjIwRDM0MEIwQjk3NDRCRThSUzI1NiIsInR5cCI6ImF0K2p3dCIsIng1dCI6IkkxTGljTHJMVUFBR05XOV9JTk5Bc0xsMFMtZyJ9.eyJuYmYiOjE2NTgwNjEzODEsImV4cCI6MTY1ODA2NDk4MSwiaXNzIjoiaHR0cHM6Ly9pZHAub3Vpb3VpZGlzY291bnQuY29tIiwiY2xpZW50X2lkIjoiSWRwLlVzZXJJZGVudGl0eVN3YWdnZXIiLCJzdWIiOiIzNjgwZDVhYS00YjM1LTRlMzktYTFjZS1jZmJjNjk2MWY0YzMiLCJhdXRoX3RpbWUiOjE2NTgwNjEzNzMsImlkcCI6ImxvY2FsIiwic2lkIjoiNjNERDg4RDlBNDQ0QTJENDNENTVBQ0EyNjJBMzUxNzciLCJpYXQiOjE2NTgwNjEzODEsInNjb3BlIjpbIm9wZW5pZCIsInByb2ZpbGUiLCJlbWFpbCJdLCJhbXIiOlsicHdkIl19.BXtDlQKqw8rGmgnLjJuWJicF2BIHPzpp48NC-aP9cpzy7dqYY2a8kI1x07vTnhX2rcEjdfqhfMIfyJuqZJBhXVtfI7R60QyfuAj3Ozpa4KGE2Y28d9Xntizf4ctwUXFLZVboH8MrXflcIiDL8s5h_c6P6W2NafYK_1m7xpU68Qq0NsxqXsaG2SZT_nph-bl_hEvfR_AfXbkDI12Z606hSqAhjP5v_TQfc6_0zveCVTiFRUMCzTzndtRSVtNrP3WPGXalOTtOaeOIUFssDvqNYeF6nch245vjw5NQQu3zUgETOSJfeO_d0c7VCeEvp_s_yCEFCVOIl2_xvWd3Hig_rw
I disconnect and try to login again and a “invalid_grant” is raised. I clear the cache and try again and it does not work. After several retries I can login. I think it is random error. I cannot figure out the reason behind this error. Here is the error message and the IDP configuration and the client configuration. I hope that it can help.
[12:42:06 DBG] A data reader was disposed.
[12:42:06 DBG] Closing connection to database 'IdpDb' on server 'tcp://XXXXXXXXXXX:5432'.
[12:42:06 DBG] Closed connection to database 'IdpDb' on server ''.
[12:42:06 DBG] tJc155MKnmvPDXowrLH4laE8GBDyxFtEveiaB/ONE4w= found in database: False
[12:42:06 DBG] authorization_code grant with value: E3661868CE07773D4612B6A32A5D10B9B0A48D00E616718C795D9ED5F6827348 not found in store.
[12:42:06 ERR] Invalid authorization code{"code": "E3661868CE07773D4612B6A32A5D10B9B0A48D00E616718C795D9ED5F6827348"}, details: {"ClientId": "Idp.UserIdentitySwagger", "ClientName": "Idp.UserIdentity Swagger", "GrantType": "authorization_code", "Scopes": null, "AuthorizationCode": "****7348", "RefreshToken": "********", "UserName": null, "AuthenticationContextReferenceClasses": null, "Tenant": null, "IdP": null, "Raw": {"grant_type": "authorization_code", "code": "E3661868CE07773D4612B6A32A5D10B9B0A48D00E616718C795D9ED5F6827348", "client_id": "Idp.UserIdentitySwagger", "client_secret": "***REDACTED***", "redirect_uri": "https://identity.*******.com/swagger/oauth2-redirect.html", "code_verifier": "eMCIRwHDzhTf1YrRr651Uaqi_COopBhc7ZfOGyjRiAc"}, "$type": "TokenRequestValidationLog"}
[12:42:06 INF] {"ClientId": "Idp.UserIdentitySwagger", "ClientName": "Idp.UserIdentity Swagger", "RedirectUri": null, "Endpoint": "Token", "SubjectId": null, "Scopes": null, "GrantType": "authorization_code", "Error": "invalid_grant", "ErrorDescription": null, "Category": "Token", "Name": "Token Issued Failure", "EventType": "Failure", "Id": 2001, "Message": null, "ActivityId": "0HMJ7TTLK79RH:00000008", "TimeStamp": "2022-07-17T12:42:06.0000000Z", "ProcessId": 1, "LocalIpAddress": "10.244.1.16:443", "RemoteIpAddress": "10.244.0.9", "$type": "TokenIssuedFailureEvent"}
[12:42:06 VRB] Invoking result: IdentityServer4.Endpoints.Results.TokenErrorResult
IdpConfiguration
services.AddIdentityServer(options =>
{
options.Events.RaiseErrorEvents = true;
options.Events.RaiseInformationEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseSuccessEvents = true;
})
.AddConfigurationStore(options =>
{
options.ConfigureDbContext = (t) =>
{
t.UseNpgsql(configuration.GetConnectionString("IdpDb"),
b => b.MigrationsAssembly(migrationsAssembly));
t.EnableSensitiveDataLogging();
};
})
.AddOperationalStore(options =>
{
options.ConfigureDbContext = (t) =>
{
t.UseNpgsql(configuration.GetConnectionString("IdpDb"),
b => b.MigrationsAssembly(migrationsAssembly));
t.EnableSensitiveDataLogging();
};
})
.AddProfileService<BrandeeUserProfileService>()
.AddSigningCredential(LoadCertificate(configuration));
DataProtection Code:
services.AddDataProtection()
.SetApplicationName("TAASe")
.UseCryptographicAlgorithms(
new AuthenticatedEncryptorConfiguration()
{
EncryptionAlgorithm = EncryptionAlgorithm.AES_256_CBC,
ValidationAlgorithm = ValidationAlgorithm.HMACSHA256,
}
)
.ProtectKeysWithCertificate(new X509Certificate2(configuration["Certificate:Path"],
configuration["Certificate:Password"]))
.PersistKeysToDbContext<AppDataProtectionDbContext>()
.SetDefaultKeyLifetime(TimeSpan.FromDays(14));
Client Definition:
{
"clientId": "Idp.UserIdentity Swagger",
"clientName": "Idp.UserIdentity Swagger",
"requireConsent": true,
"accessTokenLifetime": 3600,
"identityTokenLifetime": 3600,
"allowOfflineAccess": true,
"alwaysSendClientClaims": true,
"secrets": [
"secret"
],
"scopes": [
"openid","profile","email"
],
"allowedGrantType": [
"authorization_code"
],
"redirectUris": [
"https://identity.XXXXXXXXXX.com/swagger/oauth2-redirect.html"
],
"corsOrigins": [
"https://identity.XXXXXXX.com"
],
"postLogoutRedirectUri": []
}
and in Swagger
services.AddSwaggerGen(options =>
{
var oauthSecuritySchema = new OpenApiSecurityScheme()
{
Type = SecuritySchemeType.OAuth2,
Flows = new OpenApiOAuthFlows()
{
AuthorizationCode = new OpenApiOAuthFlow()
{
AuthorizationUrl = new Uri(configuration["Idp:AuthorizationUrl"]),
Scopes = new Dictionary<string, string>()
{
// {"Idp.UserManagement","Identity"},
{"openid","openid"},
{"profile","profile"},
{"email","email"}
},
TokenUrl = new Uri(configuration["Idp:TokenUrl"]),
}
},
Name = configuration["Swagger:Name"],
};
options.SwaggerDoc("v1", new OpenApiInfo {Title = "Protected API", Version = "v1"});
options.AddSecurityDefinition("oauth2", oauthSecuritySchema);
options.OperationFilter<AuthorizeCheckOperationFilter>();
options.EnableAnnotations();
});
When the user logs in, the Idp saves the code in the PersistedGrants table with the key formed by (code + ":" + "authorization_code").Sha256(). For your code E3661868CE07773D4612B6A32A5D10B9B0A48D00E616718C795D9ED5F6827348 the key is tJc155MKnmvPDXowrLH4laE8GBDyxFtEveiaB/ONE4w=. That is correct according to the logs. Then, the Idp returns this code to the caller.
Then, the client can change this code for the tokens in the token endpoint. The Idp try to recover this record by forming the key again, retrieving it from the database and checking if the passed code match with the stored previously.
It seems the persistence in the operational store is not working properly. Either this record is not saved in the first part, or the query to get it in the second part is not working. Whatever the reason the service returns a generic invalid_grant error message.
Check if the record is saved in the PersistedGrants table. You can use my Fiddle to form the key and test with other codes.
Check the previous logs if you have any EF exception when SaveAsync is called.
Related
My goal is to include JWT Bearer authentication into my ASP.NET 6 application. The Microsoft.AspNetCore.Authentication.JwtBearer is what I use as a package.
According to my understanding, it is irrelevant from which Provider I use an accessToken. What matters most is that the validation is accurate.
Keycloak is what I use in the background. I've previously created an user account there. I am using his accessToken in the Authorization header to address one of my routes. I am receiving a 401 error. I'm afraid I don't know why right now.
www-authenticate: Bearer error="invalid_token",error_description="The signature key was not found"
My access token has the following properties
{
"alg": "RS256",
"typ": "JWT",
"kid": "xxxx"
}
{
"exp":xxx,
"iat": xxx,
"jti": "xxx",
"iss": "http://localhostxxx",
"sub": "cxxx",
"typ": "Bearer",
"azp": "account xxx",
"nonce": "bxxxx",
"session_state": "2x",
"acr": "0",
"scope": "openid profile email",
"sid": "2xxxx",
"email_verified": true,
"name": "user",
"preferred_username": "user",
"given_name": "user",
"family_name": "usser",
"email": "user#web.de"
}
Thats my corresponding code
builder.Services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(o =>
{
o.RequireHttpsMetadata = false;
o.Authority = "account xxx"; // In my case account xxx (jwt.azp)
o.TokenValidationParameters = new TokenValidationParameters
{
ValidIssuer = "http://localhostxxx" // jwt.iss propertie,
IssuerSigningKey =
new SymmetricSecurityKey(Encoding.UTF8.GetBytes("xxxx")) // jwt.iss kid propertie,
ValidateIssuer = true,
RequireAudience = false,
RequireExpirationTime = false,
RequireSignedTokens = false,
ValidateIssuerSigningKey = true,
ValidateLifetime = false,
ValidateTokenReplay = false,
ValidateActor = false,
ValidateAudience = false,
};
});
I have the feeling that the error lies with the options.Authority
Do I have Keycloak set up incorrectly? I am getting the most important properties from that URL (Keycloak specific): http://localhost:xxx/realms/xxx/protocol/openid-connect/certs.Personally I don't think Keycloak has anything to do with it
Since the latest maintenances from ConnectyCube servers, I am experiencing a new issue when I authenticate with the custom identity provider.
I use Firebase as endpoint and it return the following json file (tested with Postman) :
{
"kind": "identitytoolkit#GetAccountInfoResponse",
"users": [
{
"localId": "The uid that I want to get",
"email": "test#test.com",
"passwordHash": "xxxxxx",
"emailVerified": false,
"passwordUpdatedAt": 1607681539305,
"providerUserInfo": [
{
"providerId": "password",
"federatedId": "test#test.com",
"email": "test#test.com",
"rawId": "test#test.com"
}
],
"validSince": "1607681539",
"disabled": false,
"lastLoginAt": "1620422687374",
"createdAt": "1607681539305",
"lastRefreshAt": "2021-05-07T21:24:47.374Z"
}
]
}
Previously, to get the localId, I used the following as responses params {"uid": "#{users[0].localId}"} and it worked.
Now I get the error "base":["Custom Identity Provider uid is required"] when I try to sign in the users while nothing changed in my code.
Do you have a solution to access to the localID parameter without using [0] as it seems to be the cause of the issue?
My current settings for the custom identity provider:
ENDPOINT: https://identitytoolkit.googleapis.com/v1/accounts:lookup?key=API_WEBKEY
REQUEST HEADERS: {"Content-Type": "application/json"}
REQUEST PARAMS: {"idToken": "#{login}"}
RESPONSE PARAMS: {"uid": "#{users[0].localId}"}
Extract of my script where the error appear:
final token = await FirebaseLib().auth.currentUser.getIdToken();
createSession().then((cubeSession) {
CubeUser user = CubeUser(login: "$token", password: "");
signIn(user).then((cubeUser) {
Print("Worked!");
}).catchError((error) {});
}).catchError((error) {});
This should work now again
Please check
I am getting the error while inserting image file into the firebase Stroage. I am using HTTP rest api's for the same.
The code is as follows:
Future<void> upload(Image image2) async {
var accountCredentials = ServiceAccountCredentials.fromJson({
"private_key_id": " ",
"private_key": " ",
"client_email":"< >.iam.gserviceaccount.com",
"client_id": "",
"type": "service_account"
});
var scopes = [
'https://www.googleapis.com/auth/cloud-platform',
];
var client = Client();
AccessCredentials credentials =
await obtainAccessCredentialsViaServiceAccount(accountCredentials, scopes, client);
String accessToken = credentials.accessToken.data;
var request = Request(
'POST',
Uri.parse(
'https://www.googleapis.com/upload/storage/v1/b/mybucket/o?uploadType=media&name=$image2'),
);
request.headers['Authorization'] = "Bearer $accessToken";
request.headers['Content-Type'] = "image/png";
Response response = await Response.fromStream(await request.send());
print("response is ");
print(response.statusCode);
print("response body");
print(response.body);
client.close();
}
The Error is as follows:
{
"error": {
"code": 403,
"message": "< >.iam.gserviceaccount.com does not have storage.objects.create access
to the Google Cloud Storage object.",
"errors": [
{
"message": "< >.gserviceaccount.com does not have storage.objects.create access to the
Google Cloud Storage object.",
"domain": "global",
"reason": "forbidden"
}
]
}
}
I have given the permission of storage.objects.create through IAM service management but this is not working
Click here to view ScreenShot of assigned permission
I'm getting this error :
I get a successful access only when I remove the redirect
this is the Identity Server 4 side :
new Client {
RequireConsent = false,
ClientId = "ClientApp",
ClientName = "SPA Client App",
AccessTokenType = AccessTokenType.Jwt,
AllowedGrantTypes = GrantTypes.Implicit,
AllowedScopes = { "openid", "profile", "email", "api.read" },
RedirectUris = {"http://localhost:4200/auth-callback"},
PostLogoutRedirectUris = {"http://localhost:4200/"},
AllowedCorsOrigins = {"http://localhost:4200"},
AllowAccessTokensViaBrowser = true,
AccessTokenLifetime = 3600
},
and the Client side :
export function getClientSettings(): UserManagerSettings {
return {
authority: 'http://localhost:5000',
client_id: 'ClientApp',
redirect_uri: 'http://localhost:4200/auth-callback',
post_logout_redirect_uri: 'http://localhost:4200/',
response_type: 'id_token token',
// scope: 'openid profile BankOfDotNet.API',
scope: 'openid profile email api.read',
filterProtocolClaims: true,
loadUserInfo: true,
automaticSilentRenew: true,
silent_redirect_uri: 'http://localhost:4200/silent-refresh.html'
};
}
Another error is showing and I can't understand if it is the same as the one before.
logs as asked:
IdentityServer4.Validation.AuthorizeRequestValidator:Error: Unknown client or not enabled: SPAClient
{
"SubjectId": "anonymous",
"RequestedScopes": "",
"Raw": {
"client_id": "SPAClient",
"redirect_uri": "http://localhost:4200/fetch-data",
"response_type": "code",
"scope": "openid profile bankOfDotNetApi",
"state": "b1c4a9eebe704650a6301a4fa633d558",
"code_challenge": "OWv8xEW0iHKVQTDUTqxybVe4cQXAd2mdJIWZ8Budni8",
"code_challenge_method": "S256",
"response_mode": "query"
}
}
IdentityServer4.Endpoints.AuthorizeEndpoint:Error: Request validation failed
IdentityServer4.Endpoints.AuthorizeEndpoint:Information: {
"SubjectId": "anonymous",
"RequestedScopes": "",
"Raw": {
"client_id": "SPAClient",
"redirect_uri": "http://localhost:4200/fetch-data",
"response_type": "code",
"scope": "openid profile bankOfDotNetApi",
"state": "b1c4a9eebe704650a6301a4fa633d558",
"code_challenge": "OWv8xEW0iHKVQTDUTqxybVe4cQXAd2mdJIWZ8Budni8",
"code_challenge_method": "S256",
"response_mode": "query"
}
}
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 186.6231ms 302
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:5000/home/error?errorId=CfDJ8CQhqAOzyZ9FnWMOkakiUDM48vI_2dxE-C2BufLYKmWsaswgqMctLthhXKjSgwSdgWakjV1UpkzAwMl4aeQRoa_OK7NBBmGejbq8r8kZ8ZryGFMBXhFPTP_auWF6ZU0qSRpm6hRYKpaFsJkA9V0mbmpcHeHTok7levfWugV3Ysiu0xRCRYz7iSM590AlkEjiHCLjrFnGTaGTY7pFGywlcfeWbeOpfkbBVNqeqe0YgkJzFmBouS4k7XdOhAL6afG8j2Zh33Cw4yDMYFMEXIOLWswYoHy2Q0t4G5gpJ2VBBoIgtRV2LeVHrw45qpIUjNOFNnI1g-rD_eTgb0pCjXCLJfR_X6zIO1tJArXHrUTLyAMt
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Route matched with {action = "Error", controller = "Home"}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Error(System.String) on controller IdentityServer4.Quickstart.UI.HomeController (BankOfDotNet.IdentitySvr).
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Executing action method IdentityServer4.Quickstart.UI.HomeController.Error (BankOfDotNet.IdentitySvr) - Validation state: Valid
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Executed action method IdentityServer4.Quickstart.UI.HomeController.Error (BankOfDotNet.IdentitySvr), returned result Microsoft.AspNetCore.Mvc.ViewResult in 7.5635ms.
Microsoft.AspNetCore.Mvc.ViewFeatures.ViewResultExecutor:Information: Executing ViewResult, running view Error.
Microsoft.AspNetCore.Mvc.ViewFeatures.ViewResultExecutor:Information: Executed ViewResult - view Error executed in 21.4364ms.
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Executed action IdentityServer4.Quickstart.UI.HomeController.Error (BankOfDotNet.IdentitySvr) in 50.3452ms
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 72.7919ms 200 text/html; charset=utf-8
The thread 0x2c44 has exited with code 0 (0x0).
The thread 0x46d0 has exited with code 0 (0x0).
im new thats why logs we added like this, i dont know how to add it in simplest view.
Your client definition says
ClientId = "ClientApp",
But in the logs, is says:
"client_id": "SPAClient",
Are you confused about the clientId?
After I create user with email and password as below,
firebase.auth().createUserWithEmailAndPassword(email, password).catch(function(error) {
// Handle Errors here.
var errorCode = error.code;
var errorMessage = error.message;
// ...
});
firebase returns me created user object like this:
{
"uid": "huuX6OwdbfNvthORiDzNV6seo3D3",
"displayName": null,
"photoURL": null,
"email": "qqq2#yahoo.com",
"emailVerified": false,
"phoneNumber": null,
"isAnonymous": false,
"providerData": [
{
"uid": "qqq2#yahoo.com",
"displayName": null,
"photoURL": null,
"email": "qqq2#yahoo.com",
"phoneNumber": null,
"providerId": "password"
}
],
"apiKey": "qqqwwweee",
"appName": "[DEFAULT]",
"authDomain": null,
"stsTokenManager": {
"apiKey": "qqqwwweee",
"refreshToken": "AGdpqewb4UYbr5Uo5",
"accessToken": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImI4OWY",
"expirationTime": 1532487232918
},
"redirectEventId": null,
"lastLoginAt": "1532483591000",
"createdAt": "1532482346000"
}
Then every time I use signInWithEmailAndPassword method it generates new accessToken and refreshToken.
But I would like to use accessToken until it expires for created user, what method I can use to validate user with this token. So, I do not need to make user sign-in every time.
And method provided for this?
You are accessing internals of a user. These are subject to change. You should rely on the officially documented API. accessToken is basically the internal name of Firebase ID token. The correct way to get it is by calling user.getIdToken(). This will return the cached token if not expired or will refresh the token under the hood for you.