I can create a Custom Token using the Firebase Admin SDK. Strangely though, the returned Custom Token only has the head and body parts of the dot-separated JWT. I confirmed (usin jwt.io), that the empty tail, is an "Invalid Signature" (jwt.io CAN parse the head and body).
# Actual string format - head.body.<empty-signature>
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.
So that when I try to use Firebase Auth to exchange a Custom token for an ID and refresh token, I get an INVALID_CUSTOM_TOKEN. This fails for both these endpoints.
- https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=%s
- https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyCustomToken?key=%s
error result
{:error
{:code 400,
:message "INVALID_CUSTOM_TOKEN",
:errors
[{:message "INVALID_CUSTOM_TOKEN",
:domain "global",
:reason "invalid"}]}}
How can I troubleshoot this? I don't see a way in Firebase's Admin SDK, to sign the token.
ps - Similar SO questions aren't yielding any answers
