EspAuthenticator does not work for google_id_token

[gbhall]

Based on https://github.com/GoogleCloudPlatform/java-docs-samples/blob/master/appengine/endpoints-frameworks-v2/backend/src/main/java/com/example/echo/Echo.java#L128

  @ApiMethod(
      httpMethod = ApiMethod.HttpMethod.GET,
      authenticators = {EspAuthenticator.class},
      audiences = {"YOUR_OAUTH_CLIENT_ID"},
      clientIds = {"YOUR_OAUTH_CLIENT_ID"}
      )
  public Email getUserEmail(User user) throws UnauthorizedException {
    if (user == null) {
      throw new UnauthorizedException("Invalid credentials");
    }

    Email response = new Email();
    response.setEmail(user.getEmail());
    return response;
  }

I receive a 401 "Invalid credentials" response unless I delete the line authenticators = {EspAuthenticator.class},, in which case once EspAuthenticator is removed it continues to work.

Tested using API Explorer.

I get the following error in Stackdriver:

com.google.api.server.spi.auth.EspAuthenticator authenticate: Authentication failed: com.google.common.util.concurrent.UncheckedExecutionException: com.google.api.auth.UnauthenticatedException: org.jose4j.jwt.consumer.InvalidJwtException: Unable to process JOSE object (cause: org.jose4j.lang.JoseException: Invalid JOSE Compact Serialization. Expecting either 3 or 5 parts for JWS or JWE respectively but was 2.): ya29.GlsjBAwcRb-NJa5B8rhIKPRRFr0xr06r9wbQ5DeeUE9qGxjPBWCVTxWj-9Lj390czP75kbS_7Jp5kv5lTtVHp4AYodU_JoJez-9SELB_L1GXgiW58GdIY29g1exE (EspAuthenticator.java:86)

[gbhall]

Please see https://stackoverflow.com/questions/43218379/authenticating-users-using-firebase-and-google-on-cloud-endpoints-and-api-expl for more.

[lesv]

@frankyn PTAL

[frankyn]

Hi @gbhall!

After reading, it seems the stack overflow response was able to solve your issue.

Please feel free to reopen if this persists or file new issues!