Verifying Google Sign-In tokens on backend: Audience mismatch issue

I’m stuck with a problem in my app’s Google Sign-In process. The frontend part works fine. I get the ID token from Google and send it to my backend. But when I try to verify this token on the server, I keep getting an error about the wrong audience.

Here’s what I’ve done so far:

  1. Set up Google Sign-In in my app
  2. Got the ID token and sent it to my backend
  3. Tried to verify the token on the server using the google-auth-library

The verification step always fails with this error: “Wrong recipient, payload audience != requiredAudience”

I’ve tried using the client ID from my google-services.json file and even created new credentials in the Google Cloud Console. But nothing seems to work.

Does anyone know how to fix this audience mismatch problem? What am I missing in the token verification process?

// Server-side code (simplified)
const { OAuth2Client } = require('google-auth-library');

// The OAuth 2.0 client ID the ID token is expected to be issued for
const CLIENT_ID = process.env.GOOGLE_CLIENT_ID;
const auth = new OAuth2Client(CLIENT_ID);

async function verifyToken(token) {
  // Verifies signature, issuer and expiry, and checks that the token's
  // `aud` claim equals the audience given here
  const ticket = await auth.verifyIdToken({
    idToken: token,
    audience: CLIENT_ID
  });
  const payload = ticket.getPayload();
  // Process payload...
  return payload;
}

Any help would be appreciated!

Yo Finn, been there! Check your Google Cloud Console. Sometimes the client ID for the web app differs from the one for Android/iOS. Make sure you're using the right one on the backend. Also, double-check if your token is fresh. Expired tokens can cause weird errors too. Good luck!

Hey there! Have you checked if the CLIENT_ID on the backend matches the one in your google-services.json file? Sometimes they get mixed up. Also, try logging the token payload audience to see what's coming through. What do you think?

It’s worth considering that the audience mismatch might be due to using different OAuth 2.0 client IDs for your frontend and backend. Ensure you’re using the correct client ID for the platform where the token was generated. Additionally, verify that your backend is configured to accept tokens from the specific Google API project associated with your app. Logging the full token payload on the server side can provide valuable insights into what audience value is actually present in the token. If the issue persists, review your Google Cloud Console settings to confirm all configurations are aligned across your project components.
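Putting the advice in the replies above into code, as an added example that is not from the original thread: decode the token's claims to see which client ID it was actually minted for, then verify it against an allow-list of client IDs. It assumes Node.js 16 or later; the client IDs in the sample token are constructed stand-ins, and `verifyGoogleIdToken` needs google-auth-library installed.

```javascript
// Added example (not from the original post): diagnose an ID-token audience
// mismatch by decoding the claims, then verify against an allow-list of client IDs.
// Assumes Node.js >= 16 (Buffer 'base64url').

// Decode the JWT payload WITHOUT verifying the signature: debugging aid only,
// never trust these claims for authentication.
function decodeIdTokenClaims(idToken) {
  const parts = idToken.split('.');
  if (parts.length !== 3) throw new Error('not a JWT: expected 3 segments');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// RFC 7519 lets aud be a string or an array; Google issues a string.
function audienceMatches(aud, allowedClientIds) {
  const auds = Array.isArray(aud) ? aud : [aud];
  return auds.some((a) => allowedClientIds.includes(a));
}

// Report which client ID the token was minted for vs. what the backend expects.
function diagnoseAudience(idToken, allowedClientIds) {
  const claims = decodeIdTokenClaims(idToken);
  const ok = audienceMatches(claims.aud, allowedClientIds);
  return {
    ok,
    aud: claims.aud, // client ID the token is intended for
    azp: claims.azp, // authorized party: the app that requested it (may differ from aud)
    message: ok ? 'audience accepted'
      : `token aud ${JSON.stringify(claims.aud)} not in [${allowedClientIds.join(', ')}]`,
  };
}

// Real verification: google-auth-library checks signature, issuer, expiry and
// audience; audience accepts an array, so one backend can accept tokens minted
// for the web, Android and iOS client IDs. Loaded lazily so the helpers above
// run without the package installed (npm install google-auth-library).
async function verifyGoogleIdToken(idToken, allowedClientIds) {
  const { OAuth2Client } = require('google-auth-library');
  const client = new OAuth2Client();
  const ticket = await client.verifyIdToken({ idToken, audience: allowedClientIds });
  return ticket.getPayload();
}

// Constructed sample token (placeholder signature): only the diagnostic helpers
// can use it; the client IDs are made-up stand-ins.
const b64url = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
const SAMPLE_TOKEN = [
  b64url({ alg: 'RS256', typ: 'JWT' }),
  b64url({ iss: 'https://accounts.google.com', sub: '1234567890',
    aud: 'web-id.apps.googleusercontent.com', azp: 'android-id.apps.googleusercontent.com' }),
  'placeholder-signature',
].join('.');
```

Running `diagnoseAudience(SAMPLE_TOKEN, ['android-id.apps.googleusercontent.com'])` reproduces the mismatch from the question: the token's `aud` is the web client ID while the backend only accepts the Android one.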