C#•2y ago

Verify Google Id Token: FormatException

I'm using google sign in on my client. Before authenticating the user I want to Verify the ID Token which I get from the client. On the server side. I'm trying to validate the ID Token (jwt) by using

Google.Apis.Auth

Google.Apis.Auth

Google.Apis.Auth

Google.Apis.Auth nuget package. But I'm getting a format exception. Here is the code:

/// <summary>
///   Handler for verifying Google ID tokens.
/// </summary>
public class VerifyGoogleIdTokenHandler(IConfiguration configuration)
    : IRequestHandler<VerifyGoogleIdTokenCommand, Result<GoogleJsonWebSignature.Payload>>
{
    private readonly GoogleJsonWebSignature.ValidationSettings _settings = new()
    {
        Audience = new[]
        {
            configuration[ConfigurationKeys.GoogleWebClientId], configuration[ConfigurationKeys.GoogleAndroidClientId]
        }
    };

    public async Task<Result<GoogleJsonWebSignature.Payload>> Handle(VerifyGoogleIdTokenCommand request,
        CancellationToken cancellationToken)
    {
        try
        {
            var payload = await GoogleJsonWebSignature.ValidateAsync(request.IdToken, _settings);
            if (payload == null)
                throw new InvalidJwtException("Invalid ID token");

            return Result<GoogleJsonWebSignature.Payload>.Success(payload);
        }
        catch (Exception ex)
        {
            return Result<GoogleJsonWebSignature.Payload>.Failure("Invalid ID token", new[] { ex.ToString() }, 400);
        }
    }
}

/// <summary>
///   Handler for verifying Google ID tokens.
/// </summary>
public class VerifyGoogleIdTokenHandler(IConfiguration configuration)
    : IRequestHandler<VerifyGoogleIdTokenCommand, Result<GoogleJsonWebSignature.Payload>>
{
    private readonly GoogleJsonWebSignature.ValidationSettings _settings = new()
    {
        Audience = new[]
        {
            configuration[ConfigurationKeys.GoogleWebClientId], configuration[ConfigurationKeys.GoogleAndroidClientId]
        }
    };

    public async Task<Result<GoogleJsonWebSignature.Payload>> Handle(VerifyGoogleIdTokenCommand request,
        CancellationToken cancellationToken)
    {
        try
        {
            var payload = await GoogleJsonWebSignature.ValidateAsync(request.IdToken, _settings);
            if (payload == null)
                throw new InvalidJwtException("Invalid ID token");

            return Result<GoogleJsonWebSignature.Payload>.Success(payload);
        }
        catch (Exception ex)
        {
            return Result<GoogleJsonWebSignature.Payload>.Failure("Invalid ID token", new[] { ex.ToString() }, 400);
        }
    }
}

/// <summary>
///   Handler for verifying Google ID tokens.
/// </summary>
public class VerifyGoogleIdTokenHandler(IConfiguration configuration)
    : IRequestHandler<VerifyGoogleIdTokenCommand, Result<GoogleJsonWebSignature.Payload>>
{
    private readonly GoogleJsonWebSignature.ValidationSettings _settings = new()
    {
        Audience = new[]
        {
            configuration[ConfigurationKeys.GoogleWebClientId], configuration[ConfigurationKeys.GoogleAndroidClientId]
        }
    };

    public async Task<Result<GoogleJsonWebSignature.Payload>> Handle(VerifyGoogleIdTokenCommand request,
        CancellationToken cancellationToken)
    {
        try
        {
            var payload = await GoogleJsonWebSignature.ValidateAsync(request.IdToken, _settings);
            if (payload == null)
                throw new InvalidJwtException("Invalid ID token");

            return Result<GoogleJsonWebSignature.Payload>.Success(payload);
        }
        catch (Exception ex)
        {
            return Result<GoogleJsonWebSignature.Payload>.Failure("Invalid ID token", new[] { ex.ToString() }, 400);
        }
    }
}

/// <summary>
///   Handler for verifying Google ID tokens.
/// </summary>
public class VerifyGoogleIdTokenHandler(IConfiguration configuration)
    : IRequestHandler<VerifyGoogleIdTokenCommand, Result<GoogleJsonWebSignature.Payload>>
{
    private readonly GoogleJsonWebSignature.ValidationSettings _settings = new()
    {
        Audience = new[]
        {
            configuration[ConfigurationKeys.GoogleWebClientId], configuration[ConfigurationKeys.GoogleAndroidClientId]
        }
    };

    public async Task<Result<GoogleJsonWebSignature.Payload>> Handle(VerifyGoogleIdTokenCommand request,
        CancellationToken cancellationToken)
    {
        try
        {
            var payload = await GoogleJsonWebSignature.ValidateAsync(request.IdToken, _settings);
            if (payload == null)
                throw new InvalidJwtException("Invalid ID token");

            return Result<GoogleJsonWebSignature.Payload>.Success(payload);
        }
        catch (Exception ex)
        {
            return Result<GoogleJsonWebSignature.Payload>.Failure("Invalid ID token", new[] { ex.ToString() }, 400);
        }
    }
}

v0fbu1vmOP•2/1/24, 2:38 PM

Here is the exception:

System.FormatException: The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters.
   at System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
   at System.Convert.FromBase64String(String s)
   at Google.Apis.Auth.TokenEncodingHelpers.Base64UrlDecode(String base64Url)
   at Google.Apis.Auth.SignedToken`2.FromSignedToken(String signedToken)
   at Google.Apis.Auth.GoogleJsonWebSignature.ValidateInternalAsync(String jwt, ValidationSettings validationSettings)
   at Quotifyr.Features.Authentication.CommandHandlers.VerifyGoogleIdTokenHandler.Handle(VerifyGoogleIdTokenCommand request, CancellationToken cancellationToken) in E:\Projects\quotifyr\quotifyr-server\src\Features\Authentication\CommandHandlers\VerifyGoogleIdTokenHandler.cs:line 27

System.FormatException: The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters.
   at System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
   at System.Convert.FromBase64String(String s)
   at Google.Apis.Auth.TokenEncodingHelpers.Base64UrlDecode(String base64Url)
   at Google.Apis.Auth.SignedToken`2.FromSignedToken(String signedToken)
   at Google.Apis.Auth.GoogleJsonWebSignature.ValidateInternalAsync(String jwt, ValidationSettings validationSettings)
   at Quotifyr.Features.Authentication.CommandHandlers.VerifyGoogleIdTokenHandler.Handle(VerifyGoogleIdTokenCommand request, CancellationToken cancellationToken) in E:\Projects\quotifyr\quotifyr-server\src\Features\Authentication\CommandHandlers\VerifyGoogleIdTokenHandler.cs:line 27

System.FormatException: The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters. at System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength) at System.Convert.FromBase64String(String s) at Google.Apis.Auth.TokenEncodingHelpers.Base64UrlDecode(String base64Url) at Google.Apis.Auth.SignedToken`2.FromSignedToken(String signedToken) at Google.Apis.Auth.GoogleJsonWebSignature.ValidateInternalAsync(String jwt, ValidationSettings validationSettings) at Quotifyr.Features.Authentication.CommandHandlers.VerifyGoogleIdTokenHandler.Handle(VerifyGoogleIdTokenCommand request, CancellationToken cancellationToken) in E:\Projects\quotifyr\quotifyr-server\src\Features\Authentication\CommandHandlers\VerifyGoogleIdTokenHandler.cs:line 27

Verify Google Id Token: FormatException

Similar Threads

Similar Threads

Similar Threads