Native Sign In

[bdlukaa]

Feature request

Is your feature request related to a problem? Please describe.

I want to sign in using a sign in provider, but the current implementation is not good. Launching the browser is not a good user experience.

Describe the solution you'd like

Use the google_sign_in package to sign the user in using Google and sign_in_with_apple to sign the user in using Apple.

Both of the packages return the user credentials, so, if I could sign in using the user credentials (just like Firebase does), it'd be great!

Aditional context

If launching the brower will still be the current solution, we could have in-app-handling.
By default, Android opens up a browser when handling URLs. You can pass forceWebView: true parameter to tell the plugin to open a WebView instead.

[himeshp]

+1, I have been waiting for this implementation.

[dshukertjr]

There needs to be some work done on the server side, but once that is done, we should be able to add this feature!
Related issue from GoTrue repo: supabase/auth#140

[bdlukaa]

Depend on supabase/auth-js#169

[DanMossa]

Made a PR to bring this to Dart
supabase/gotrue-dart#61

[fabios9702]

Hello, I've implemented Sign In with Apple in my App, but on iOS instead of opening the sign in sheet in the app, it opens safari with Sign In with Apple the then the user is redirect in the app, I'm calling the function like this:

supabase.auth.signInWithProvider( Provider.apple, options: AuthOptions( redirectTo: 'io.supabase.flutterquickstart://login-callback/'), );

Is it possible to open the sheet directly in the app and ket the user sign in, I've tried getting the credential and then passing to su-abase, but I always got an error of missing 'expires_in' parameters.
Anyone has a solution?

I'm using su-abase 0.3.6 version on flutter

[nextdev1111]

When will it be implemented

[Aurion72]

Hello, I've implemented Sign In with Apple in my App, but on iOS instead of opening the sign in sheet in the app, it opens safari with Sign In with Apple the then the user is redirect in the app, I'm calling the function like this:

supabase.auth.signInWithProvider( Provider.apple, options: AuthOptions( redirectTo: 'io.supabase.flutterquickstart://login-callback/'), );

Is it possible to open the sheet directly in the app and ket the user sign in, I've tried getting the credential and then passing to su-abase, but I always got an error of missing 'expires_in' parameters. Anyone has a solution?

I'm using su-abase 0.3.6 version on flutter

Hello, if you have any solutions for this i take it :)

[hmarat]

@dshukertjr hey :) Do you have even a little progress? We all waiting for it )

[dshukertjr]

Thanks everyone for waiting patiently for this feature. Security comes first at Supabase, and we are making sure this feature lands securely when it does. Because of that, it is taking time.

Again, thank you all so much for the patients.

[hmarat]

Hey @dshukertjr I have too ask you again about approximate TIME of this feature, because we should decide start it with firebase or wait for supabase. Thank you!

[bdlukaa]

As far as I can tell (and by the context of this issue and the library itself), native sign in has already been achieved with signInWithOpenIDConnect. Yet, it needs some improvements and we'd like to provide a effortless solution for the developer, that's why this isn't marked as complete yet.

I also recall some issues with it on iOS. Currently, the bug-fixes are a priority, but we're looking forward to implement this feature for the stable 1.0.

[dshukertjr]

@bdlukaa Thanks for chiming in.

@hmarat Sorry but unfortunately I'm afraid there is no definite timeline that we can share. You can try out this method in the mean while.

[hmarat]

@dshukertjr I don't see it in supabase_flutter :(

[dshukertjr]

@himeshp
It is there, but not documented . You can see this PR to see how it works, but there are still some missing pieces, so it is not yet fully supported.

    Supabase.instance.client.auth.signIn(oidc: OpenIDConnectCredentials());

[hmarat]

@dshukertjr Oh, that's very good!

1. Does it mean that I should get for example idToken of user with google sign in, and just call that api with providers.google?
2. For both signup and sign in cases .signIn() method should be used??
   Thanks in advance!

[hmarat]

I'm doing in that way but always get null 🤔

[hmarat]

@dshukertjr here is the log :)

[hmarat]

@dshukertjr do you have even rest api for creating user? So we can write some cloud function or do it in my backend?

[hmarat]

@bdlukaa maybe you can help me with openID api? Whatever I do, it returns null and does not create new users! The project's progress is stopped because of auth(

[dshukertjr]

@himeshp

do you have even rest api for creating user? So we can write some cloud function or do it in my backend?

Here is an api to create a user

[ZetiMente]

I'm confused a little. We can do the auth today but it is via web, but the way to do it natively exist but isn't being documented & endorsed ?

[dshukertjr]

@ZetiMente The current implementation is half baked, and there needs to be some additional work to be done on the backend.

[ozasadnyy]

Hey @dshukertjr, thanks for the video and article! Do you plan to support google_sign_in library in the future? It would save a lot of boilerplate.

[dshukertjr]

@ozasadnyy Hopefully yes, but the iOS version of Google sign in library has an issue where it does not allow the user to set their own nonce, which creates an security issue. Once this is fixed, developers can use the google sign in library with Supabase.
google/GoogleSignIn-iOS#135 (comment)

[mohsin2596]

@dshukertjr After adding sign in with google to my Flutter app (iOS) and signing in with the same account I use for sign in with apple I started getting this error on Sign in with Apple (iOS)

Unhandled Exception: AuthException(message: Unacceptable audience in id_token, statusCode: 400)

[dshukertjr]

@mohsin2596
Hmm, from the error message, it seems like you haven't added your app's bundle ID in your Supabase dashboard under auth>providers>Apple, but could you double check it?

[mohsin2596]

@dshukertjr I can confirm that auth providers on dashboard are setup correctly. This error only popped up for me when I updated Supabase to the latest package and allowed users to use Sign in with Google along with Sign in with Apple

[dshukertjr]

@mohsin2596 From your Supabase dashboard, could you take a look at the auth logs under logs>auth? There you can see more detailed error messages typically.

[mohsin2596]

@mohsin2596 From your Supabase dashboard, could you take a look at the auth logs under logs>auth? There you can see more detailed error messages typically.

Log ID
bf80622d-2619-425c-9949-7add576f669f

Log Timestamp (UTC)
2023-08-21T18:57:56.000Z

Log Event Message
{"component":"api","error":"invalid request: Unacceptable audience in id_token","level":"info","method":"POST","msg":"invalid request: Unacceptable audience in id_token","path":"/token","referer":"","remote_addr":"***","time":"2023-08-21T18:57:56Z","timestamp":"2023-08-21T18:57:55Z"}

Log Metadata
[
  {
    "message": null,
    "timestamp": "2023-08-21T18:57:55Z",
    "__MONOTONIC_TIMESTAMP": null,
    "CODE_FUNC": null,
    "instance_id": null,
    "status": null,
    "_CMDLINE": null,
    "method": "POST",
    "_SYSTEMD_CGROUP": null,
    "CODE_FILE": null,
    "EXECUTABLE": null,
    "_EXE": null,
    "UNIT": null,
    "level": "info",
    "_COMM": null,
    "duration": null,
    "issuer": null,
    "_LINE_BREAK": null,
    "_SOURCE_REALTIME_TIMESTAMP": null,
    "msg": "invalid request: Unacceptable audience in id_token",
    "action": null,
    "login_method": null,
    "_UID": null,
    "host": "db-erlrzretcsxoskhdifia",
    "PRIORITY": null,
    "_CAP_EFFECTIVE": null,
    "_PID": null,
    "INVOCATION_ID": null,
    "_SYSTEMD_UNIT": null,
    "source_type": null,
    "SYSLOG_FACILITY": null,
    "request_id": null,
    "CODE_LINE": null,
    "path": "/token",
    "component": "api",
    "project": null,
    "user_id": null,
    "auth_event": [],
    "args": [],
    "referer": null,
    "factor_id": null,
    "provider": null,
    "client_id": null,
    "remote_addr": "77.16.48.222",
    "_SYSTEMD_SLICE": null,
    "_SYSTEMD_INVOCATION_ID": null,
    "header": null,
    "_MACHINE_ID": null,
    "_AUDIT_LOGINUID": null,
    "_TRANSPORT": null,
    "_SELINUX_CONTEXT": null,
    "MESSAGE_ID": null,
    "__REALTIME_TIMESTAMP": null,
    "metadata": [],
    "_STREAM_ID": null,
    "metering": null,
    "time": null,
    "_GID": null,
    "_BOOT_ID": null,
    "SYSLOG_IDENTIFIER": null,
    "_AUDIT_SESSION": null,
    "error": "invalid request: Unacceptable audience in id_token"
  }
]

[mohsin2596]

Has anybody come across this issue? My app has been rejected by app review and I cant move forward without having it working

Edit:
Some people have started reporting the issue on reddit too https://www.reddit.com/r/Supabase/comments/15lgyrb/does_anyone_have_an_example_of_native_not_oauth/

[dshukertjr]

@mohsin2596
I have opened an issue on Gotrue repo. Our auth team will take a look at it soon.

[dshukertjr]

@mohsin2596
Would you be able to submit a support ticket about this one? It might be a instance specific thing.

https://supabase.com/dashboard/support/new

[mohsin2596]

@dshukertjr done. Will update here if it was instance related

[mohsin2596]

@dshukertjr After disabling and enabling the provider again it started working

[wiverson]

So, on Friday (apx 8/25) my Supabase instance started rejecting Sign In With Apple (native dialog). The relevant section in my logs was this one (redacted IP address):

{"component":"api","error":"invalid request: Unacceptable audience in id_token","level":"info","method":"POST","msg":"invalid request: Unacceptable audience in id_token","path":"/token","referer":"http://localhost:3000","remote_addr":"my ip address","time":"2023-08-29T18:21:59Z","timestamp":"2023-08-29T18:21:59Z"}

At first I thought this was an issue with Apple but it turned out to be Supabase. After a weekend of not having Sign in with Apple working I found this thread and flipping it off and back on again everything started working again.

Not sure what happened on the server side but ugh. :/

[dshukertjr]

@mohsin2596 @wiverson Thanks for reporting. We are looking into it.

[bitnom]

@mohsin2596 @wiverson Thanks for reporting. We are looking into it.

Any update on this? Same error is happening when attempting to perform Google sign-in in Swift.

[mohsin2596]

@mohsin2596 @wiverson Thanks for reporting. We are looking into it.

Any update on this? Same error is happening when attempting to perform Google sign-in in Swift.

@bitnom Make sure you have comma separated values under Authorized Client IDs in Google Provider for both iOS and Android.

[wiverson]

FWIW no update on my end other than after flipping off & on again things still seem to be working.

[tobi404]

So, on Friday (apx 8/25) my Supabase instance started rejecting Sign In With Apple (native dialog). The relevant section in my logs was this one (redacted IP address):

{"component":"api","error":"invalid request: Unacceptable audience in id_token","level":"info","method":"POST","msg":"invalid request: Unacceptable audience in id_token","path":"/token","referer":"http://localhost:3000","remote_addr":"my ip address","time":"2023-08-29T18:21:59Z","timestamp":"2023-08-29T18:21:59Z"}

At first I thought this was an issue with Apple but it turned out to be Supabase. After a weekend of not having Sign in with Apple working I found this thread and flipping it off and back on again everything started working again.

Not sure what happened on the server side but ugh. :/

This worked for me 🤷🏻‍♂️

[flikkr]

I'm facing this issue and tried several approaches unsuccessfully. Google provider is enabled in dashboard and I copied over my Android client id in the Authorized Client IDs field, and skip nonce check. I try doing login on my Android device using the code provided in the README:

Future<AuthResponse> login() async {
  final GoogleSignIn googleSignIn = GoogleSignIn(
    clientId: Env.googleAuthAndroidClientId,
    serverClientId: Env.googleAuthWebClientId,
  );

  final googleUser = await googleSignIn.signIn();
  final googleAuth = await googleUser!.authentication;
  final accessToken = googleAuth.accessToken;
  final idToken = googleAuth.idToken;

  // TODO: cleanup
  if (accessToken == null) {
    throw 'No Access Token found.';
  }
  if (idToken == null) {
    throw 'No ID Token found.';
  }

  return Supabase.instance.client.auth.signInWithIdToken(
    provider: Provider.google,
    idToken: idToken,
    accessToken: accessToken,
  );
}

I feel like I'm running out of ideas as to what to do. I tried disabling/enabling provider to no success. Dashboard logs show this error.

{"component":"api","error":"invalid request: Unacceptable audience in id_token","level":"info","method":"POST","msg":"invalid request: Unacceptable audience in id_token","path":"/token","referer":"http://localhost:3000","remote_addr":"218.212.109.252","time":"2023-12-06T16:38:21Z","timestamp":"2023-12-06T16:38:21Z"}

[dshukertjr]

@flikkr

Google provider is enabled in dashboard and I copied over my Android client id in the Authorized Client IDs field

Confusingly, you need to copy over the web client ID into your Supabase dashboard, and not the Android client ID.

We can probably update the readme to emphasize more on this.

[flikkr]

@dshukertjr Thanks, can confirm this fixed my issue!

[BGM-109]

@dshukertjr same....here