In my web application, I am using Firebase Google sign-in to authenticate users. The flow is as follows:

  1. In the frontend, make the user sign in using the Firebase SDK, get the ID token for the user, and send it to the server
  2. The server uses the ID token to verify the user and get the email from the ID token

I am using a Python backend, and I use the google.oauth2.id_token module to verify and decode the token.

The problem is that for a few users the decoded token does not contain the email field.

In the front end I have tried adding the userinfo.email scope as well, but it is still not working.

I added the scope like this:

    googleProvider = new firebase.auth.GoogleAuthProvider();
    googleProvider.addScope('https://www.googleapis.com/auth/userinfo.email')

In the back end I am decoding the token like this:

    decoded_token = google.oauth2.id_token.verify_firebase_token(auth_token, google.auth.transport.requests.Request())

This is what the decoded token contains for a few users (I have changed the actual values to "sometext"):

    {
      "picture": "somtext",
      "sub": "somtext",
      "user_id": "somtext",
      "name": "somtext",
      "iss": "https://securetoken.google.com/somtext",
      "firebase": {
        "sign_in_provider": "google.com",
        "identities": {
          "google.com": [
            "somtext"
          ]
        }
      },
      "exp": 1557566434,
      "auth_time": 1557562833,
      "iat": 1557562834,
      "aud": "somtext"
    }

The email field is missing in the decoded token.

For a few users the email field is present; for a few it is not.

I don't know what I am missing. I want to have the email field in the decoded token for all users.

asked May 11, 2019 at 8:45 by durairajaa; edited May 11, 2019 at 14:22 by Frank van Puffelen
  • Did you find a solution for it? Thanks! – xims, commented Jul 30, 2019 at 3:31
  • I have the same using facebook.com as provider. verifyIdToken does not show the email address. I do get the email address after signing in in the front end with signInWithPopup(provider). – A.W., commented Dec 25, 2019 at 11:51
  • I found an answer at stackoverflow.com/a/50442344/351688. Using the Admin SDK function admin.auth().getUser(uid) returns the full user details after getting the uid using verifyIdToken. – A.W., commented Dec 25, 2019 at 12:06

2 Answers

You can use user.providerData[0]!.email! to get email in case you are using "Allow creation of multiple accounts with the same email address":

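  // ID token sent by the client in a cookie
  let bearerTokenID = req.cookies.BearerTokenID;
  // Verify the token server-side and read its claims
  let decodedToken = await admin.auth().verifyIdToken(bearerTokenID);
  // Fetch the full user record; the token itself may carry no email
  let user = await admin.auth().getUser(decodedToken.uid);
  // Email as reported by the first linked sign-in provider
  let email = user.providerData[0]!.email!;
  console.log("Email:", email);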

I did not find the exact solution for what I asked, but I have changed my flow. I am posting this because I feel it may help someone.

The reason for not getting the email is the "Allow creation of multiple accounts with the same email address" setting in the Firebase sign-in flow. What this option does is create an account with no email address and a UID that is different from the other account with the same email address.

What I required was to allow users to use multiple sign-in providers (Facebook and Google in my case) to sign in.

If a user uses the same email with 2 different sign-in providers and signs in using different providers (with the same email) at different times, that user should be linked to a single account.

How I implemented the requirement is explained below.

In the Firebase sign-in flow I changed the setting to "One account per email address".

I had to handle the following cases to implement this requirement:

Case 1:

The user signs in for the 1st time (no user account exists for the user) using a sign-in provider.

Case 2:

The user signs in (not the 1st time; the user account is already created) using the same sign-in provider.

Case 3:

The user signs in (not the 1st time; the user account is already created) using a different sign-in provider (with the same email).

Handling case 1 and case 2

In the front end, when a user signs in, the front end sends the ID token and the email (the email is obtained using the email.scope) to the backend.

The backend verifies the ID token and gets the Firebase user_id of that token, then it checks the DB for an account associated with the Firebase user_id.

If it cannot find an account associated with the Firebase user_id, it creates a new account with that Firebase user_id as the key, stores the email in that account, and sends the required details to the front end. If it finds an account, it sends the details associated with the account.

Handling case 3

Because of the "One account per email address" setting, when a user tries to sign in with an already existing email using a new sign-in provider, Firebase will throw an "auth/account-exists-with-different-credential" exception.

By handling this exception as explained here https://firebase.google.com/docs/auth/web/google-signin#handling-account-exists-with-different-credential-errors the email with this new sign-in provider would be linked to the existing Firebase user_id.

Then the flow is like in case 2.
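
The backend flow from both answers, as an added Python example that is not code from the question or the answers: the account is keyed on the verified uid, the audience and issuer are pinned to the project, and a token without an email claim falls back to the server-side user record. `PROJECT_ID`, the `provider_emails` callable, the in-memory `accounts` dict and the sample claims are assumptions made for illustration; here the stored email comes from verified claims or the user record, not from the request body.

```python
from typing import Callable, Dict, List, Optional

PROJECT_ID = "example-project"  # assumption: placeholder Firebase project ID


def verify(token: str) -> dict:
    """Verify signature and expiry, and pin the audience to this project."""
    from google.auth.transport import requests
    from google.oauth2 import id_token
    # Without audience=..., the aud claim is not checked at all.
    return id_token.verify_firebase_token(token, requests.Request(), audience=PROJECT_ID)


def resolve_email(claims: dict,
                  provider_emails: Callable[[str], List[Optional[str]]]) -> Optional[str]:
    """Return the email claim, or fall back to the user's provider records."""
    if claims.get("email"):
        return claims["email"]
    # No email in the token (multiple-accounts-per-email setting): ask the
    # server-side user record, as admin.auth().getUser(uid) does in the answer.
    return next((e for e in provider_emails(claims["sub"]) if e), None)


def sign_in(claims: dict, accounts: Dict[str, dict], provider_emails) -> dict:
    """Find or create the account keyed on the verified uid, never on email."""
    if claims.get("iss") != f"https://securetoken.google.com/{PROJECT_ID}":
        raise ValueError("unexpected issuer")
    uid = claims["sub"]
    if uid not in accounts:  # case 1: first sign-in creates the account
        accounts[uid] = {"uid": uid, "email": resolve_email(claims, provider_emails)}
    return accounts[uid]     # case 2: later sign-ins reuse it


# Constructed claims shaped like the decoded token in the question (no email).
SAMPLE_CLAIMS = {
    "iss": f"https://securetoken.google.com/{PROJECT_ID}",
    "aud": PROJECT_ID,
    "sub": "uid-123",
    "user_id": "uid-123",
    "firebase": {"sign_in_provider": "google.com",
                 "identities": {"google.com": ["1098"]}},
}

if __name__ == "__main__":
    db: Dict[str, dict] = {}
    # Stub lookup; with firebase_admin this would be
    # [p.email for p in firebase_admin.auth.get_user(uid).provider_data].
    print(sign_in(SAMPLE_CLAIMS, db, lambda uid: [None, "user@example.com"]))
```

In production the `claims` argument is the return value of `verify(token)`, so nothing reaches `sign_in` without a checked signature and audience.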

Tags: javascript, Not getting "email" from firebase verify id token using google sign in, Stack Overflow