I've just started using Firebase. React app + Java backend.
React-side authorization works well; however, when I send the user's ID token to the backend and try to verify it using the Firebase library, I get an exception.
I took all the code from the documentation.
In the JS client:
firebase.auth().currentUser.getToken(/* forceRefresh */ true).then(function(idToken)...
In Java this fails:
FirebaseToken decodedToken = FirebaseAuth.getInstance().verifyIdTokenAsync(idToken).get();
String uid = decodedToken.getUid();
It gives me:
java.lang.IllegalArgumentException: null
at com.google.api.client.repackaged.com.google.common.base.Preconditions.checkArgument(Preconditions.java:111) ~[google-http-client-1.22.0.jar:1.22.0]
at com.google.api.client.util.Preconditions.checkArgument(Preconditions.java:37) ~[google-http-client-1.22.0.jar:1.22.0]
at com.google.api.client.json.webtoken.JsonWebSignature$Parser.parse(JsonWebSignature.java:602) ~[google-http-client-1.22.0.jar:1.22.0]
at com.google.firebase.auth.FirebaseToken.parse(FirebaseToken.java:44) ~[firebase-admin-5.5.0.jar:na]
at com.google.firebase.auth.FirebaseAuth$2.call(FirebaseAuth.java:213) ~[firebase-admin-5.5.0.jar:na]
at com.google.firebase.auth.FirebaseAuth$2.call(FirebaseAuth.java:204) ~[firebase-admin-5.5.0.jar:na]
at com.google.firebase.tasks.Tasks$1.run(Tasks.java:82) ~[firebase-admin-5.5.0.jar:na]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[na:1.8.0_151]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[na:1.8.0_151]
at java.lang.Thread.run(Thread.java:748) [na:1.8.0_151]
I am using - com.google.firebase - firebase-admin - version 5.5.0
Database operations and user retrieval by uid work flawlessly in the Java backend.
I downloaded all the Java sources to trace the error and found out that the "dot" check fails:
Preconditions.checkArgument(secondDot != -1);
in class JsonWebSignature, package com.google.api.client.json.webtoken, google-http-client-1.22.0.jar:
public JsonWebSignature parse(String tokenString) throws IOException {
    // split on the dots
    int firstDot = tokenString.indexOf('.');
    Preconditions.checkArgument(firstDot != -1);
    byte[] headerBytes = Base64.decodeBase64(tokenString.substring(0, firstDot));
    int secondDot = tokenString.indexOf('.', firstDot + 1);
    Preconditions.checkArgument(secondDot != -1);
    Preconditions.checkArgument(tokenString.indexOf('.', secondDot + 1) == -1);
    ...
When I add a dot to the end of the token, the check passes and I get the user back. I wonder if I am doing something wrong: is my token in the correct format, or is Java overeager in checking validity?
The token that I receive from the Firebase JS client is of the format "Header.Payload"; it does not contain the second dot as in the JWS RFC "Header.Payload.Signature".
Is the problem with the webtoken validation, and the second dot is not required by the spec, or is the Firebase lib to blame for such a token? Or am I wrong somewhere?
Any help will be appreciated as I am going crazy :)
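
The three-segment shape that the parser's dot checks enforce, as an added example (not code from the post or from the Firebase or Google libraries): a Node.js function that reports which structural rule a token breaks before it is passed to the verifier, and treats a trailing dot with no signature as a failure rather than a fix. The name `inspectCompactJws` is hypothetical, the sample tokens are constructed, and the function checks shape only; it does not verify the signature.

```javascript
// Added example: shape check for a compact JWS ("header.payload.signature").
// Structure only; it does NOT verify the signature.
const B64URL = /^[A-Za-z0-9_-]+$/;

// Decode one base64url segment into a JSON value.
function decodeSegment(seg) {
  const b64 = seg.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// inspectCompactJws is a hypothetical helper name, not a Firebase API.
function inspectCompactJws(token) {
  if (typeof token !== 'string' || token === '') {
    return { ok: false, reason: 'token is empty or not a string' };
  }
  const parts = token.split('.');
  if (parts.length !== 3) {
    return { ok: false, reason: `expected 3 segments, got ${parts.length}` };
  }
  // "header.payload." has both dots but carries no signature.
  if (parts[2] === '') {
    return { ok: false, reason: 'signature segment is empty' };
  }
  if (!parts.every((p) => B64URL.test(p))) {
    return { ok: false, reason: 'segment is not base64url' };
  }
  let header;
  try {
    header = decodeSegment(parts[0]);
    decodeSegment(parts[1]);
  } catch (e) {
    return { ok: false, reason: 'header or payload is not JSON' };
  }
  if (!header || typeof header.alg !== 'string' || header.alg.toLowerCase() === 'none') {
    return { ok: false, reason: 'alg is missing or "none"' };
  }
  return { ok: true, alg: header.alg };
}

// Constructed sample tokens (not real Firebase tokens; the signature is dummy data).
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');
const HEAD = enc({ alg: 'RS256', typ: 'JWT' });
const BODY = enc({ sub: 'constructed-uid' });
const SAMPLE_FULL = `${HEAD}.${BODY}.c2lnbmF0dXJl`;
const SAMPLE_TWO_PART = `${HEAD}.${BODY}`;
const SAMPLE_TRAILING_DOT = `${HEAD}.${BODY}.`;
```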