Not able to login using supabase + google login sdk in iOS app
Bug report
I see this issue still exists today with the GoogleSignIn flow and Supabase.
I just configure:
```swift
import GoogleSignIn
// ...
GIDSignIn.sharedInstance.configuration = GIDConfiguration(clientID: clientId)
// signIn(withPresenting:) is a throwing async call, so it needs `try`.
try await GIDSignIn.sharedInstance.signIn(withPresenting: presentingViewController)
```
Once I receive the id_token and accessToken, I try to hit Supabase:
```swift
// No nonce is passed here, so the request carries none.
try await supabase.auth.signInWithIdToken(
    credentials: OpenIDConnectCredentials(
        provider: .google,
        idToken: idToken,
        accessToken: accessToken
    )
)
```
But I am seeing this error:
```
Supabase authentication failed: api(message: "Passed nonce and nonce in id_token should either both exist or not.", errorCode: Auth.ErrorCode(rawValue: "unknown"), underlyingData: 117 bytes, underlyingResponse: <NSHTTPURLResponse: 0x12dd38b80> { URL: https://nrmvznqrahftxodgrygq.supabase.co/auth/v1/token?grant_type=id_token }
```
I configured both Google Cloud and Supabase authentication correctly. Not sure why?
I validated that the id_token contains a nonce field which is generated by Google itself; I didn't pass any custom nonce.
@ashislaha
https://github.com/openid/AppAuth-iOS/blob/e191b1beadf3041259652e6e464eaceff16e5fbb/Source/AppAuthCore/OIDAuthorizationRequest.h#L99-L108
If no nonce is supplied, it gets auto-added by AppAuth on iOS.
I believe you need to generate a nonce, hash it with SHA-256, supply that with your signing request to Google, then pass your original nonce to Supabase, as Supabase will SHA-256 that and compare it with what's inside the id_token.
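A local diagnostic for the nonce handling described in the reply above, as an added example that is not part of the thread and not Supabase's or Google's code. It assumes the server compares the lowercase hex SHA-256 of the raw nonce with the id_token's nonce claim; the function names and the sample tokens are constructed for illustration.

```python
import base64, hashlib, json, secrets

def make_nonce_pair():
    """Return (raw, hashed): hashed goes to Google, raw goes to Supabase."""
    raw = secrets.token_urlsafe(32)
    return raw, hashlib.sha256(raw.encode()).hexdigest()

def id_token_nonce(id_token):
    """Read the nonce claim from a JWT payload (no signature check: debugging only)."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("nonce")

def check_nonce(raw_nonce, id_token):
    """Mirror the comparison described in the thread (hex digest is an assumption)."""
    claimed = id_token_nonce(id_token)
    if bool(raw_nonce) != bool(claimed):
        return "presence_mismatch"  # the error quoted in the bug report
    if not raw_nonce:
        return "ok"  # neither side uses a nonce
    hashed = hashlib.sha256(raw_nonce.encode()).hexdigest()
    same = secrets.compare_digest(hashed.encode(), str(claimed).encode())
    return "ok" if same else "hash_mismatch"

def fake_id_token(claims):
    """Constructed, unsigned sample token for the demo; not a real Google token."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

if __name__ == "__main__":
    raw, hashed = make_nonce_pair()
    auto = fake_id_token({"sub": "123", "nonce": "auto-added-by-sdk"})
    ours = fake_id_token({"sub": "123", "nonce": hashed})
    # Reporter's case: the token carries a nonce, the request carries none.
    print(check_nonce(None, auto))
    # Hashed nonce sent to Google, raw nonce sent to Supabase.
    print(check_nonce(raw, ours))
    # Mistake: the hashed value sent to both sides.
    print(check_nonce(hashed, ours))
```

Supplying your own nonce pair keeps the server's nonce comparison in force, which is what binds the id_token to this sign-in attempt.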
@ashislaha I self-hosted Supabase and had the same issue.
Solution: Try to add GOTRUE_EXTERNAL_GOOGLE_SKIP_NONCE_CHECK: true to your docker-compose.yml if you're self-hosting:
```yaml
auth:
  environment:
    # Quoted so YAML passes the string "true" rather than a boolean.
    GOTRUE_EXTERNAL_GOOGLE_SKIP_NONCE_CHECK: "true"
```