Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Native Sign In #5

Closed
bdlukaa opened this issue Jul 22, 2021 · 97 comments
Closed

Native Sign In #5

bdlukaa opened this issue Jul 22, 2021 · 97 comments
Labels
auth This issue or pull request is related to authentication enhancement New feature or request

Comments

@bdlukaa
Copy link
Collaborator

bdlukaa commented Jul 22, 2021

Feature request

Is your feature request related to a problem? Please describe.

I want to sign in using a sign in provider, but the current implementation is not good. Launching the browser is not a good user experience.

Describe the solution you'd like

Use the google_sign_in package to sign the user in using Google and sign_in_with_apple to sign the user in using Apple.

Both of the packages return the user credentials, so, if I could sign in using the user credentials (just like Firebase does), it'd be great!

Aditional context

If launching the brower will still be the current solution, we could have in-app-handling.
By default, Android opens up a browser when handling URLs. You can pass forceWebView: true parameter to tell the plugin to open a WebView instead.

@bdlukaa bdlukaa added the enhancement New feature or request label Jul 22, 2021
@himeshp
Copy link

himeshp commented Jul 22, 2021

+1, I have been waiting for this implementation.

@dshukertjr
Copy link
Member

dshukertjr commented Jul 22, 2021

There needs to be some work done on the server side, but once that is done, we should be able to add this feature!
Related issue from GoTrue repo: supabase/auth#140

@bdlukaa
Copy link
Collaborator Author

bdlukaa commented Dec 1, 2021

Depend on supabase/auth-js#169

@DanMossa
Copy link
Collaborator

Made a PR to bring this to Dart
supabase/gotrue-dart#61

@fabios9702
Copy link

fabios9702 commented Jul 15, 2022

Hello, I've implemented Sign In with Apple in my App, but on iOS instead of opening the sign in sheet in the app, it opens safari with Sign In with Apple the then the user is redirect in the app, I'm calling the function like this:

supabase.auth.signInWithProvider( Provider.apple, options: AuthOptions( redirectTo: 'io.supabase.flutterquickstart://login-callback/'), );

Is it possible to open the sheet directly in the app and ket the user sign in, I've tried getting the credential and then passing to su-abase, but I always got an error of missing 'expires_in' parameters.
Anyone has a solution?

I'm using su-abase 0.3.6 version on flutter

@nextdev1111
Copy link

When will it be implemented

@TonyFresneau
Copy link

Hello, I've implemented Sign In with Apple in my App, but on iOS instead of opening the sign in sheet in the app, it opens safari with Sign In with Apple the then the user is redirect in the app, I'm calling the function like this:

supabase.auth.signInWithProvider( Provider.apple, options: AuthOptions( redirectTo: 'io.supabase.flutterquickstart://login-callback/'), );

Is it possible to open the sheet directly in the app and ket the user sign in, I've tried getting the credential and then passing to su-abase, but I always got an error of missing 'expires_in' parameters. Anyone has a solution?

I'm using su-abase 0.3.6 version on flutter

Hello, if you have any solutions for this i take it :)

@hmarat
Copy link

hmarat commented Aug 13, 2022

@dshukertjr hey :) Do you have even a little progress? We all waiting for it )

@dshukertjr
Copy link
Member

Thanks everyone for waiting patiently for this feature. Security comes first at Supabase, and we are making sure this feature lands securely when it does. Because of that, it is taking time.

Again, thank you all so much for the patients.

@hmarat
Copy link

hmarat commented Aug 19, 2022

Hey @dshukertjr I have too ask you again about approximate TIME of this feature, because we should decide start it with firebase or wait for supabase. Thank you!

@bdlukaa
Copy link
Collaborator Author

bdlukaa commented Aug 20, 2022

As far as I can tell (and by the context of this issue and the library itself), native sign in has already been achieved with signInWithOpenIDConnect. Yet, it needs some improvements and we'd like to provide a effortless solution for the developer, that's why this isn't marked as complete yet.

I also recall some issues with it on iOS. Currently, the bug-fixes are a priority, but we're looking forward to implement this feature for the stable 1.0.

@dshukertjr
Copy link
Member

@bdlukaa Thanks for chiming in.

@hmarat Sorry but unfortunately I'm afraid there is no definite timeline that we can share. You can try out this method in the mean while.

@hmarat
Copy link

hmarat commented Aug 20, 2022

@dshukertjr I don't see it in supabase_flutter :(

@dshukertjr
Copy link
Member

@himeshp
It is there, but not documented . You can see this PR to see how it works, but there are still some missing pieces, so it is not yet fully supported.

    Supabase.instance.client.auth.signIn(oidc: OpenIDConnectCredentials());

@hmarat
Copy link

hmarat commented Aug 20, 2022

@dshukertjr Oh, that's very good!

  1. Does it mean that I should get for example idToken of user with google sign in, and just call that api with providers.google?
  2. For both signup and sign in cases .signIn() method should be used??
    Thanks in advance!

@hmarat
Copy link

hmarat commented Aug 20, 2022

I'm doing in that way but always get null 🤔

@hmarat
Copy link

hmarat commented Aug 21, 2022

image
@dshukertjr here is the log :)

@hmarat
Copy link

hmarat commented Aug 24, 2022

@dshukertjr do you have even rest api for creating user? So we can write some cloud function or do it in my backend?

@hmarat
Copy link

hmarat commented Aug 24, 2022

@bdlukaa maybe you can help me with openID api? Whatever I do, it returns null and does not create new users! The project's progress is stopped because of auth(

@dshukertjr
Copy link
Member

@himeshp

do you have even rest api for creating user? So we can write some cloud function or do it in my backend?

Here is an api to create a user

@ZetiMente
Copy link

I'm confused a little. We can do the auth today but it is via web, but the way to do it natively exist but isn't being documented & endorsed ?

@dshukertjr
Copy link
Member

@ZetiMente The current implementation is half baked, and there needs to be some additional work to be done on the backend.

@ozasadnyy
Copy link
Contributor

Hey @dshukertjr, thanks for the video and article! Do you plan to support google_sign_in library in the future? It would save a lot of boilerplate.

@dshukertjr
Copy link
Member

@ozasadnyy Hopefully yes, but the iOS version of Google sign in library has an issue where it does not allow the user to set their own nonce, which creates an security issue. Once this is fixed, developers can use the google sign in library with Supabase.
google/GoogleSignIn-iOS#135 (comment)

@mohsin2596
Copy link

@dshukertjr After adding sign in with google to my Flutter app (iOS) and signing in with the same account I use for sign in with apple I started getting this error on Sign in with Apple (iOS)

Unhandled Exception: AuthException(message: Unacceptable audience in id_token, statusCode: 400)

@dshukertjr
Copy link
Member

@mohsin2596
Hmm, from the error message, it seems like you haven't added your app's bundle ID in your Supabase dashboard under auth>providers>Apple, but could you double check it?

@mohsin2596
Copy link

@dshukertjr I can confirm that auth providers on dashboard are setup correctly. This error only popped up for me when I updated Supabase to the latest package and allowed users to use Sign in with Google along with Sign in with Apple

@dshukertjr
Copy link
Member

@mohsin2596 From your Supabase dashboard, could you take a look at the auth logs under logs>auth? There you can see more detailed error messages typically.

@mohsin2596
Copy link

mohsin2596 commented Aug 22, 2023

@mohsin2596 From your Supabase dashboard, could you take a look at the auth logs under logs>auth? There you can see more detailed error messages typically.

Log ID
bf80622d-2619-425c-9949-7add576f669f

Log Timestamp (UTC)
2023-08-21T18:57:56.000Z

Log Event Message
{"component":"api","error":"invalid request: Unacceptable audience in id_token","level":"info","method":"POST","msg":"invalid request: Unacceptable audience in id_token","path":"/token","referer":"","remote_addr":"***","time":"2023-08-21T18:57:56Z","timestamp":"2023-08-21T18:57:55Z"}

Log Metadata
[
  {
    "message": null,
    "timestamp": "2023-08-21T18:57:55Z",
    "__MONOTONIC_TIMESTAMP": null,
    "CODE_FUNC": null,
    "instance_id": null,
    "status": null,
    "_CMDLINE": null,
    "method": "POST",
    "_SYSTEMD_CGROUP": null,
    "CODE_FILE": null,
    "EXECUTABLE": null,
    "_EXE": null,
    "UNIT": null,
    "level": "info",
    "_COMM": null,
    "duration": null,
    "issuer": null,
    "_LINE_BREAK": null,
    "_SOURCE_REALTIME_TIMESTAMP": null,
    "msg": "invalid request: Unacceptable audience in id_token",
    "action": null,
    "login_method": null,
    "_UID": null,
    "host": "db-erlrzretcsxoskhdifia",
    "PRIORITY": null,
    "_CAP_EFFECTIVE": null,
    "_PID": null,
    "INVOCATION_ID": null,
    "_SYSTEMD_UNIT": null,
    "source_type": null,
    "SYSLOG_FACILITY": null,
    "request_id": null,
    "CODE_LINE": null,
    "path": "/token",
    "component": "api",
    "project": null,
    "user_id": null,
    "auth_event": [],
    "args": [],
    "referer": null,
    "factor_id": null,
    "provider": null,
    "client_id": null,
    "remote_addr": "77.16.48.222",
    "_SYSTEMD_SLICE": null,
    "_SYSTEMD_INVOCATION_ID": null,
    "header": null,
    "_MACHINE_ID": null,
    "_AUDIT_LOGINUID": null,
    "_TRANSPORT": null,
    "_SELINUX_CONTEXT": null,
    "MESSAGE_ID": null,
    "__REALTIME_TIMESTAMP": null,
    "metadata": [],
    "_STREAM_ID": null,
    "metering": null,
    "time": null,
    "_GID": null,
    "_BOOT_ID": null,
    "SYSLOG_IDENTIFIER": null,
    "_AUDIT_SESSION": null,
    "error": "invalid request: Unacceptable audience in id_token"
  }
]

@mohsin2596
Copy link

mohsin2596 commented Aug 23, 2023

Has anybody come across this issue? My app has been rejected by app review and I cant move forward without having it working

Edit:
Some people have started reporting the issue on reddit too https://www.reddit.com/r/Supabase/comments/15lgyrb/does_anyone_have_an_example_of_native_not_oauth/

@dshukertjr
Copy link
Member

@mohsin2596
I have opened an issue on Gotrue repo. Our auth team will take a look at it soon.

@dshukertjr
Copy link
Member

@mohsin2596
Would you be able to submit a support ticket about this one? It might be a instance specific thing.

https://supabase.com/dashboard/support/new

@mohsin2596
Copy link

@dshukertjr done. Will update here if it was instance related

@mohsin2596
Copy link

@dshukertjr After disabling and enabling the provider again it started working

@wiverson
Copy link

So, on Friday (apx 8/25) my Supabase instance started rejecting Sign In With Apple (native dialog). The relevant section in my logs was this one (redacted IP address):

{"component":"api","error":"invalid request: Unacceptable audience in id_token","level":"info","method":"POST","msg":"invalid request: Unacceptable audience in id_token","path":"/token","referer":"http://localhost:3000","remote_addr":"my ip address","time":"2023-08-29T18:21:59Z","timestamp":"2023-08-29T18:21:59Z"}

At first I thought this was an issue with Apple but it turned out to be Supabase. After a weekend of not having Sign in with Apple working I found this thread and flipping it off and back on again everything started working again.

Not sure what happened on the server side but ugh. :/

@dshukertjr
Copy link
Member

@mohsin2596 @wiverson Thanks for reporting. We are looking into it.

@bitnom
Copy link

bitnom commented Sep 6, 2023

@mohsin2596 @wiverson Thanks for reporting. We are looking into it.

Any update on this? Same error is happening when attempting to perform Google sign-in in Swift.

@mohsin2596
Copy link

@mohsin2596 @wiverson Thanks for reporting. We are looking into it.

Any update on this? Same error is happening when attempting to perform Google sign-in in Swift.

@bitnom Make sure you have comma separated values under Authorized Client IDs in Google Provider for both iOS and Android.

@wiverson
Copy link

wiverson commented Sep 6, 2023

FWIW no update on my end other than after flipping off & on again things still seem to be working.

@joaoantunes-mobiweb

This comment was marked as off-topic.

@joaoantunes-mobiweb

This comment was marked as off-topic.

@tobi404
Copy link

tobi404 commented Oct 13, 2023

So, on Friday (apx 8/25) my Supabase instance started rejecting Sign In With Apple (native dialog). The relevant section in my logs was this one (redacted IP address):

{"component":"api","error":"invalid request: Unacceptable audience in id_token","level":"info","method":"POST","msg":"invalid request: Unacceptable audience in id_token","path":"/token","referer":"http://localhost:3000","remote_addr":"my ip address","time":"2023-08-29T18:21:59Z","timestamp":"2023-08-29T18:21:59Z"}

At first I thought this was an issue with Apple but it turned out to be Supabase. After a weekend of not having Sign in with Apple working I found this thread and flipping it off and back on again everything started working again.

Not sure what happened on the server side but ugh. :/

This worked for me 🤷🏻‍♂️

@flikkr
Copy link

flikkr commented Dec 6, 2023

I'm facing this issue and tried several approaches unsuccessfully. Google provider is enabled in dashboard and I copied over my Android client id in the Authorized Client IDs field, and skip nonce check. I try doing login on my Android device using the code provided in the README:

Future<AuthResponse> login() async {
  final GoogleSignIn googleSignIn = GoogleSignIn(
    clientId: Env.googleAuthAndroidClientId,
    serverClientId: Env.googleAuthWebClientId,
  );

  final googleUser = await googleSignIn.signIn();
  final googleAuth = await googleUser!.authentication;
  final accessToken = googleAuth.accessToken;
  final idToken = googleAuth.idToken;

  // TODO: cleanup
  if (accessToken == null) {
    throw 'No Access Token found.';
  }
  if (idToken == null) {
    throw 'No ID Token found.';
  }

  return Supabase.instance.client.auth.signInWithIdToken(
    provider: Provider.google,
    idToken: idToken,
    accessToken: accessToken,
  );
}

I feel like I'm running out of ideas as to what to do. I tried disabling/enabling provider to no success. Dashboard logs show this error.

{"component":"api","error":"invalid request: Unacceptable audience in id_token","level":"info","method":"POST","msg":"invalid request: Unacceptable audience in id_token","path":"/token","referer":"http://localhost:3000","remote_addr":"218.212.109.252","time":"2023-12-06T16:38:21Z","timestamp":"2023-12-06T16:38:21Z"}

@dshukertjr
Copy link
Member

@flikkr

Google provider is enabled in dashboard and I copied over my Android client id in the Authorized Client IDs field

Confusingly, you need to copy over the web client ID into your Supabase dashboard, and not the Android client ID.

We can probably update the readme to emphasize more on this.

@flikkr
Copy link

flikkr commented Dec 7, 2023

@dshukertjr Thanks, can confirm this fixed my issue!

@BGM-109
Copy link

BGM-109 commented Feb 24, 2024

@dshukertjr same....here

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
auth This issue or pull request is related to authentication enhancement New feature or request
Projects
None yet
Development

Successfully merging a pull request may close this issue.