
Firebase token verification on backend - firebaseID not found in "aud". Google client id is sent instead?


I'm getting this error when using the Firebase Admin API to verify a user's authentication token, obtained from the Android client, on the back-end server:

com.google.firebase.auth.FirebaseAuthException: Firebase ID token has incorrect "aud" (audience) claim. Expected "xxxxx" but got "yyyyy.apps.googleusercontent.com". Make sure the ID token comes from the same Firebase project as the service account used to authenticate this SDK. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.

I find that xxxx is the Firebase ID and yyyy is the oAuthClient/clientId in the google-services.json of the Android app (client).

Does anyone know the fix (or a workaround) for this?


Solution

  • As bojeil commented, I was using a Google ID token and not the Firebase one.

    Appending the comment here:

    You seem to be verifying a Google ID token and not a Firebase ID token. That is the aud for Google ID tokens. To get the Firebase ID token, you need to call FirebaseUser.getToken()
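
A quick way to tell which kind of token the backend was handed, as an added example (not code from the original post or from the Firebase SDK): it decodes the JWT payload without verifying it and compares `iss` and `aud`. The function names and sample tokens are constructed for illustration, `xxxxx` and `yyyyy` are the placeholders from the error message above, and signature verification still belongs to the Admin SDK's `verifyIdToken`.

```python
import base64
import json

GOOGLE_ISSUERS = {"accounts.google.com", "https://accounts.google.com"}
FIREBASE_ISSUER_PREFIX = "https://securetoken.google.com/"


def unverified_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT checking the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def classify(token: str, project_id: str) -> str:
    """Say which issuer minted the token, judged by its iss/aud claims."""
    claims = unverified_claims(token)
    iss, aud = str(claims.get("iss", "")), claims.get("aud", "")
    if iss in GOOGLE_ISSUERS:
        # Google Sign-In token: aud is the OAuth client ID, not the project ID.
        return "google-id-token"
    if iss.startswith(FIREBASE_ISSUER_PREFIX):
        # Firebase ID token: iss ends with the project ID and aud equals it.
        if iss == FIREBASE_ISSUER_PREFIX + project_id and aud == project_id:
            return "firebase-id-token"
        return "firebase-id-token-other-project"
    return "unknown"


def make_sample(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.constructed-sig"


# Constructed samples mirroring the claims in the error message above.
GOOGLE_SAMPLE = make_sample({"iss": "https://accounts.google.com",
                             "aud": "yyyyy.apps.googleusercontent.com"})
FIREBASE_SAMPLE = make_sample({"iss": "https://securetoken.google.com/xxxxx",
                               "aud": "xxxxx"})

if __name__ == "__main__":
    for name, tok in (("google", GOOGLE_SAMPLE), ("firebase", FIREBASE_SAMPLE)):
        print(name, "->", classify(tok, "xxxxx"))
```

A result of `google-id-token` matches the situation in the question: the client sent the Google Sign-In token instead of the one returned by the Firebase user object.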