I am trying to verify Google ID Token on Node.js server.
I am getting this error:
Unable to verify the ID Token: jwt.split is not a function
Here is the link of code that I am following from Google's official documentation:
I am trying to verify Google ID Token on Node.js server.
I am getting this error:
Unable to verify the ID Token: jwt.split is not a function
Here is the link of code that I am following from Google's official documentation:
Looks like you need to install a jwt framework like this or this.
I believe you need the first link for the server and possibly the second link for the website (more info on the website here).
In my scenario, it worked like a charm locally, but inside AWS Lambda it caused the same error reported above, so I ended up using this URL with Axios (you can use any HTTP client) to check the token's validity and the user's domain:
https://www.googleapis.com/oauth2/v3/tokeninfo?id_token={id_token}
This is the idea:
//googleTokenValidatorService
const ENV = require('../config.json');
const AXIOS = require('axios');
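/**
 * Ask Google's tokeninfo endpoint about an ID token.
 *
 * ENV.GOOGLE_VALIDATION_URL is expected to end with `?id_token=` so that the
 * token can be appended directly (presumably the tokeninfo URL; confirm in
 * config.json).
 *
 * NOTE(review): Google's sign-in documentation presents tokeninfo as a
 * debugging convenience and recommends verifying the token signature locally
 * against Google's published keys in production. This call adds a network
 * round trip to every request and makes authentication depend on that
 * endpoint being reachable.
 *
 * @param {string} token - ID token supplied by the client (untrusted input).
 * @returns {Promise<object>} The Axios response; `response.data` holds the
 *   decoded claims when Google accepts the token.
 */
function getToken(token) {
  // The token comes straight from the request. Percent-encode it so characters
  // such as '&' or '#' cannot add or truncate query parameters. A well-formed
  // JWT (base64url segments joined by dots) is left unchanged by the encoding.
  return AXIOS.get(ENV.GOOGLE_VALIDATION_URL + encodeURIComponent(token));
}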
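/**
 * Validate a Google ID token and return its claims.
 *
 * The token is sent to the validation endpoint via getToken(), and the
 * returned claims are then checked locally by isTokenOk().
 *
 * @param {string} token - ID token supplied by the client.
 * @returns {Promise<object>} Resolves with the claims object when the token
 *   is accepted. Rejects with `{ status: 401, message }` when the endpoint
 *   refuses the token, cannot be reached, or the claims fail the local checks.
 */
function validate(token) {
  // Start from a resolved promise so a synchronous throw inside getToken()
  // still surfaces as a rejection instead of escaping to the caller.
  return Promise.resolve()
    .then(() => getToken(token))
    .then(
      (response) => {
        if (isTokenOk(response.data)) {
          return response.data;
        }
        return Promise.reject({
          status: 401,
          message: "You do not have permission to access this resource.",
        });
      },
      (error) => {
        // Network failures and timeouts carry no `response`. Reading
        // `error.response.status` unguarded would throw inside this handler
        // and, with a hand-built promise, leave the caller waiting forever.
        const status =
          error && error.response ? error.response.status : "no response";
        // The ID token is a bearer credential, so it is kept out of the logs.
        console.log("--- status " + status + " from token validation");
        // Fail closed: any failure to validate is treated as an invalid token.
        return Promise.reject({ status: 401, message: "Invalid google token." });
      }
    );
}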
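// Hosted domains (the `hd` claim) whose users are allowed in. Matching is an
// exact, case-sensitive Set lookup, so list each domain exactly as it appears
// in the token.
const acceptableHds = new Set(['validDomain1.com', 'validDomain2.com']);

// OAuth client IDs accepted as the token audience (`aud`).
// A platform whose key is missing from config.json would otherwise contribute
// `undefined` to the set, and a payload with no `aud` would then match it.
// Only non-empty strings are kept so a configuration gap cannot fail open.
const acceptableClientIDs = new Set(
  [ENV.CLIENT_ID_WEB, ENV.CLIENT_ID_IOS, ENV.CLIENT_ID_ANDROID].filter(
    (clientId) => typeof clientId === 'string' && clientId.length > 0
  )
);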
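/**
 * Decide whether a set of ID-token claims is acceptable for this service.
 *
 * Checks that the token has not expired, that it was issued for one of this
 * project's client IDs (`aud`), and that the user belongs to an allowed
 * hosted domain (`hd`). Accounts without an `hd` claim are rejected.
 *
 * This function does not verify the signature or the issuer. It relies on the
 * caller having obtained `payload` from a source that already did; the
 * visible caller passes the body of the validation endpoint's response.
 *
 * @param {object} payload - Decoded claims (`exp` in seconds since the epoch).
 * @returns {boolean} true only when every check passes.
 */
function isTokenOk(payload) {
  if (!payload) {
    return false;
  }
  // Require real strings before the Set lookups. Otherwise a missing claim
  // would be looked up as `undefined`, which matches if an unset config value
  // ever put `undefined` into one of the allow-lists.
  if (typeof payload.aud !== 'string' || typeof payload.hd !== 'string') {
    return false;
  }
  // `exp` may arrive as a numeric string. A missing or malformed value becomes
  // NaN, and NaN > now is false, so the token is rejected.
  const expiresAtMs = Number(payload.exp) * 1000;
  return (
    expiresAtMs > Date.now() &&
    acceptableClientIDs.has(payload.aud) &&
    acceptableHds.has(payload.hd)
  );
}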
// Public surface of the validator service: only validate() is exported, so
// the endpoint call and the claim checks stay private to this module.
module.exports = { validate: validate };
And then used it to validate before executing some action:
//some other file
// Excerpt from inside a request handler (the enclosing function is not shown).
// validate() resolves with the token's claims, or rejects with
// { status: 401, message } when the token is refused.
// NOTE(review): the ID token is read from a custom `token` header; make sure
// request and access logging do not record that header.
return googleUserValidator.validate(request.headers.token)
// bind() fixes `this` to { id } for getProductDetails. The claims resolved by
// validate() arrive as its first argument.
.then(productService.getProductDetails.bind({id:request.pathParams.id}))
.then(OK)
// NOTE(review): every rejection, including the 401 objects from validate(),
// ends up in SERVER_ERROR (not shown). Confirm it honours `status` so that an
// authentication failure is not reported as a server fault.
.catch(SERVER_ERROR);
It was enough for me, hope it helps someone.