Backend token validation failing for Google OAuth authentication

I’m trying to set up Google OAuth in my mobile app and am having issues with server-side token validation. The frontend part works perfectly fine.

Frontend code:

const userAccount = await authService.authenticate();
const credentials = await userAccount.authData;
const idToken = credentials.accessToken;

Backend validation code:

const serviceConfig = require('./google-config.json');
const { OAuth2Client } = require('google-auth-library');
const authClient = new OAuth2Client(serviceConfig.web.client_id);

const verificationResult = await authClient.verifyIdToken({
    idToken: receivedToken,
    audience: serviceConfig.web.client_id
});
const userInfo = verificationResult.getPayload();

I keep getting the error message “Wrong recipient, payload audience != requiredAudience” when trying to validate the token on my Node.js backend. I’m using the same configuration file on both client and server sides.

I also created new credentials through the Google Cloud Platform console but I’m still getting the same error. What’s the correct way to find the right client_id for token verification?

This issue arises when the credentials for your mobile app do not align with those of your web app. Since your application is mobile-based, utilize the mobile client ID from the Google Cloud Console instead of the web client ID. Verify you have created platform-specific credentials (Android or iOS) in the OAuth 2.0 section. Ensure that your verification code aligns with the mobile client ID and that the frontend authentication is correctly configured to use the respective mobile client ID during the OAuth flow, as this establishes the audience field in your token.

Wait, are you mixing up OAuth flows? What kind of mobile app - native or hybrid? Also, did you download your google-config.json for web or mobile credentials? This audience mismatch usually happens when there’s a config mixup between platforms.

You’re using accessToken instead of idToken in your frontend. Change const idToken = credentials.accessToken; to const idToken = credentials.idToken; - that’s why your audience validation is failing. Access tokens and ID tokens have different audiences.
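
For debugging the audience mismatch discussed in the replies above, here is an added example (not part of the original thread or of google-auth-library) that decodes what the backend actually received and compares its aud claim with the client IDs the server expects. The function names, client IDs and tokens are hypothetical and constructed; the code does not check signatures, so verifyIdToken remains the real trust decision.

```javascript
// Added diagnostic example (not from the original posts). It decodes claims WITHOUT
// checking the signature, so use it only to debug; verifyIdToken still decides trust.

// Decode one base64url JWT segment into an object; null if it is not valid JSON.
function decodeSegment(segment) {
  try {
    const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
    return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  } catch (err) {
    return null;
  }
}

// Explain why a token would fail the audience check against expectedAudiences.
function diagnoseAudience(token, expectedAudiences) {
  const parts = String(token).split('.');
  const payload = parts.length === 3 ? decodeSegment(parts[1]) : null;
  if (!payload || typeof payload !== 'object') {
    // Opaque strings (such as many access tokens) carry no readable aud claim.
    return { kind: 'not-a-jwt', ok: false, aud: null, azp: null };
  }
  const aud = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
  const ok = aud.some((a) => expectedAudiences.includes(a));
  return { kind: 'jwt', ok, aud, azp: payload.azp || null };
}

// Constructed sample data: client IDs and tokens are made up, signatures are dummies.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'RS256', typ: 'JWT' }), enc(claims), 'sig'].join('.');
}

const WEB_ID = 'web-example.apps.googleusercontent.com';
const ANDROID_ID = 'android-example.apps.googleusercontent.com';
const mobileIssued = makeSampleToken({ iss: 'https://accounts.google.com', aud: ANDROID_ID, azp: ANDROID_ID });
const opaqueAccessToken = 'ya29.constructed-opaque-value';

console.log(diagnoseAudience(mobileIssued, [WEB_ID]));             // JWT, audience mismatch
console.log(diagnoseAudience(mobileIssued, [WEB_ID, ANDROID_ID])); // JWT, audience accepted
console.log(diagnoseAudience(opaqueAccessToken, [WEB_ID]));        // not a JWT at all
```

Logging the result of diagnoseAudience next to the failing verifyIdToken call shows whether the server received a non-JWT value or an ID token minted for a different client ID.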