I am working on an android app that uses google+ OAuth2 for authentication and a node js backend/API that needs to be secured. I have decided to use google+ tokens and by sending them along with each api call, I want to verify that the token really is from google. I am currently using jsonwebtoken from the npm and a google pem file from this link.
The problem I am getting is that whenever I verify the token, I always receive an error:
{ name: 'JsonWebTokenError', message: 'jwt malformed' }
Here's my code on the node side:
var verifyToken = function(token) {
var cert = fs.readFileSync(__dirname + '/googlepublic.pem');
try {
//returns a JsonWebToken
var decoded = jwt.verify(token, cert);
} catch(err) {
// err
console.log(err);
return "false";
}
console.log("I received response for verifyToken! " + decoded);
return decoded;
}
I know the token is right because I've verified with the google verification endpoint before, I just want to be able to verify locally.