Description
- Operating System version: run.googleapis.com (linux)
- Firebase SDK version: 5.1.0
- Firebase Product: Admin auth
- Node.js version: 20
- NPM version: 10.8.2
Verifying ID tokens in Firebase functions will fail when using tenants in Google Identity Platform.
Steps to reproduce:
1. Create an app in Firebase and enable Google Identity Platform.
2. Add a tenant to Identity Platform.
3. Add a user to the tenant.
4. Log into the app using the user and tenant ID.
5. Call a Google function from the app.
6. In the function, attempt to verify the ID token with FirebaseAdmin.auth().verifyIdToken('tokenString')
Error:
Error: There is no user record corresponding to the provided identifier.
Relevant Code:
```js
var token = await admin.auth().verifyIdToken(req.rawRequest.header('Authorization').substring(7), true);
```
I could use the TenantAuth, but to get that I would need the tenantId, which is in the token, which you can access by verifying the token, but like I said, you need to know the tenant for that. I could manually scrape the tenantId from the JWT by parsing it myself, but then I have to hard-code its location in the JWT firebase attribute, which could change.
```js
var tenantAuth = await admin.auth().tenantManager().authForTenant(token.firebase.tenant);
var token = await tenantAuth.verifyIdToken(req.rawRequest.header('Authorization').substring(7), true);
```
Expected functionality would be that it detects the presence of a tenant in the firebase attribute and attempts to get the correct tenantAuth instance and use that to verify.
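The workaround described in the report, as an added example that is not part of the original issue or of firebase-admin: the tenant is read from the unverified JWT payload only as a routing hint, checked against an allowlist, and the token is then verified by the tenant-scoped verifier. The helper names, the allowlist and the injected `authForTenant` parameter are assumptions; in a function it would wrap `admin.auth().tenantManager().authForTenant(id)`.

```javascript
// Added example; helper names are hypothetical. authForTenant is injected so the
// sketch runs offline without firebase-admin.

// Read firebase.tenant from the JWT payload WITHOUT verifying anything.
// The value is attacker-controlled and is only a routing hint.
function peekTenantId(idToken) {
  const parts = typeof idToken === 'string' ? idToken.split('.') : [];
  if (parts.length !== 3) return null;
  try {
    const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
    const tenant = payload && payload.firebase && payload.firebase.tenant;
    return typeof tenant === 'string' && tenant.length > 0 ? tenant : null;
  } catch (err) {
    return null; // malformed base64url or JSON
  }
}

// Only tenants this function is meant to serve may select a verifier.
function selectTenant(idToken, allowedTenants) {
  const tenantId = peekTenantId(idToken);
  if (tenantId === null) throw new Error('token carries no tenant claim');
  if (!allowedTenants.has(tenantId)) throw new Error('tenant not allowed');
  return tenantId;
}

// Parse the Authorization header instead of a blind substring(7).
function bearerToken(headerValue) {
  const m = /^Bearer ([A-Za-z0-9_\-.=]+)$/.exec(headerValue || '');
  return m ? m[1] : null;
}

async function verifyTenantToken(headerValue, allowedTenants, authForTenant) {
  const idToken = bearerToken(headerValue);
  if (idToken === null) throw new Error('missing bearer token');
  const tenantId = selectTenant(idToken, allowedTenants);
  // Signature, expiry and revocation are checked by the tenant-scoped verifier.
  const decoded = await authForTenant(tenantId).verifyIdToken(idToken, true);
  // Re-check on the verified claims so they match the hint used for routing.
  if (!decoded.firebase || decoded.firebase.tenant !== tenantId) {
    throw new Error('verified tenant does not match');
  }
  return decoded;
}

// Constructed sample token (unsigned, for illustration only).
const b64 = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
const SAMPLE_TOKEN = [b64({ alg: 'RS256' }),
  b64({ sub: 'u1', firebase: { tenant: 'tenant-a' } }), 'c2ln'].join('.');
```

Nothing from the peeked payload other than the tenant hint is used before verification; authorization decisions rely only on the object returned by `verifyIdToken`.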