Hello,
I am trying to set up Firebase authentication with Photon. Specifically, Firebase has the Google Project id as the authority, and not the URL used for validation.
On the other side, Photon forces me to fill in an HTTPS address as the issuer. Despite my effort to set up the Firebase token validation, Photon successfully validates the token, but it throws an exception that the Authority is not the one specified.
The error which I get is:
IDX10214: Audience validation failed. Audiences: 'api-800....'. Did not match: validationParameters.ValidAudience: '84....-pb5tsn9r286748u558shidp98e7oatjd.apps.googleusercontent.com' or validationParameters.ValidAudiences: 'null'.
Is there any way to specify separately the Authority validation URL and the actual authority?
Thanks
PlayFab supports OpenID authentication.
Despite the documentation, which explains how you can integrate this, I didn't succeed in using it.
I use a JWT token created by the Google Firebase. In the login validation, I have this exception that the Audience does not match.
IDX10214: Audience validation failed. Audiences: 'api-800....'. Did not match: validationParameters.ValidAudience: '84....-pb5tsn9r286748u558shidp98e7oatjd.apps.googleusercontent.com' or validationParameters.ValidAudiences: 'null'.
In the case of a Google Project the audience is set to the project id. However, in PlayFab you cannot set the audience as a non-valid HTTP request. This forces me to write the audience as:
https://securetoken.google.com/{projectid}
Is there any way in PlayFab to specify separately the HTTP used for validation of the issuer, and the actual issuer?
Hi, after discussion with our team, we think those don't look like PlayFab errors. Are you actually trying to get Photon auth working? If so, @Hamza Lazaar can you help? Thanks.
I cannot edit the original post. There is no Photon there (I misspelled). I am trying to access PlayFab using the official SDK (from .NET Standard 2.0 in this case).
The steps are:
I have added an external Open ID Connector -> Settings -> Open ID. I named it Firebase and I placed the keys and validation URL.
Then I am calling LoginWithOpenID using the Firebase name and the JWT token that is generated by Firebase.
The error is generated by PlayFab and I suspect the reason: Firebase has the IssuerID as a project id. In the PlayFab console you need to specify a validation URL for the Issuer (it does include the project id but it starts with HTTPS).
Can you help us with this?
Hi, I am afraid this forum is not the best place for you to get help; you may need to turn to other forums. Anyway, I found these threads that may help you:
https://github.com/damienbod/angular-auth-oidc-client/issues/392
https://social.msdn.microsoft.com/Forums/security/en-US/5038fdda-b545-4200-96b7-82e303591c70/audience-validation-failed?forum=WindowsAzureAD
Hi Citrus,
Firebase issues valid JWT tokens and I was able to verify their signature. An example of how to do this is:
https://firebase.google.com/docs/auth/admin/verify-id-tokens#verify_id_tokens_using_a_third-party_jwt_library
As per the official OpenID Connect documentation, JWT tokens are used to authenticate requests, as documented here:
https://openid.net/developers/jwt/
The official PlayFab documentation says that you can authenticate an OpenID Connect account. In the Settings panel, it is written clearly that you need the name and the issuer. JWT by design has both of them.
Are you sure you are not making a confusion when you state that PlayFab supports OpenID authentication? In case yes, can you describe what type of authentication?
My guess is that PlayFab supports OpenID; however, my problem is that the JWT token I have has my Google Project id as the ISSUER, but PlayFab forces me to write the ISSUER as a URL. This forces me to write the ISSUER to
but my actual ISSUER from the JWT token is only the projectid with bold. This could explain the error which I have given above.
Yes, OpenID Connect uses JWT tokens to authenticate, and yes, Firebase issues valid JWT tokens for verification. However, the key here is that Firebase is not an OpenID identity provider or an issuer of OAuth tokens.
>> Are you sure you are not making a confusion when you state that PlayFab supports OpenID authentication?
Yes, PlayFab supports OpenID authentication.
>> In case yes, can you describe what type of authentication?
In the concept of OpenID, the issuer must be a URI in which the user can type his username and password or perform any other authentication methods to authenticate his identity, then redirect back to the website or application the user is accessing.
By the way, Google’s OAuth 2.0 APIs can be used for both authentication and authorization, which means that you can utilize it to implement OpenID Connect. Here is the doc that talks about Google OpenID Connect which I think will help you understand OpenID Connect better.
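To see which claim an IDX10214-style failure is about, compare a token's `iss` and `aud` claims with the values configured on the validating side. This is an added example, not code from any poster or from PlayFab; the token is constructed with claims shaped as the Firebase verify-id-tokens page linked above describes, `demo-project` and the client id are placeholders, and the payload is decoded without signature verification, for diagnosis only.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def read_claims(jwt: str) -> dict:
    """Return the payload claims WITHOUT verifying the signature (diagnosis only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))


def claim_mismatches(jwt: str, expected_issuer: str, expected_audience: str) -> list:
    """List which of iss/aud differ from what the relying party is configured with."""
    claims = read_claims(jwt)
    problems = []
    if claims.get("iss") != expected_issuer:
        problems.append(f"iss: token={claims.get('iss')!r} configured={expected_issuer!r}")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # aud may be a string or an array
    if expected_audience not in audiences:
        problems.append(f"aud: token={audiences!r} configured={expected_audience!r}")
    return problems


def make_sample_token(claims: dict) -> str:
    """Build a constructed token for the demo (the signature part is a dummy)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"


# Constructed sample: "demo-project" is a placeholder project id.
ISSUER = "https://securetoken.google.com/demo-project"
SAMPLE = make_sample_token({"iss": ISSUER, "aud": "demo-project", "sub": "user-123"})

if __name__ == "__main__":
    # Validator configured with an OAuth client id as audience: only aud is reported.
    for line in claim_mismatches(SAMPLE, ISSUER, "0000-example.apps.googleusercontent.com"):
        print(line)
```
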