This repository has been archived by the owner on May 13, 2023. It is now read-only.

Support native auth on mobile devices #27

Closed
k0shk0sh opened this issue Jul 29, 2021 · 19 comments
Labels
blocked The issue or PR is blocked by another one enhancement New feature or request

Comments

@k0shk0sh

Feature request

Is your feature request related to a problem? Please describe.

Currently Supabase supports only web OAuth, which is mainly used for web applications and thus provides no UX for mobile users.

Describe the solution you'd like

Change how the SDK handles auth on mobile devices. This could be achieved with code like the following example (pseudo code).

Consider having an abstract class like this:

abstract class AuthProvider {
  Provider get provider;
}

Then the third-party auth vendors Supabase supports could be implemented like this:

class GoogleProvider implements AuthProvider {
  final String accessToken;
  final String idToken;

  const GoogleProvider({
    required this.accessToken,
    required this.idToken,
  });

  @override
  Provider get provider => Provider.google;
}

Then we can simply let the user use the Google lib to authenticate the user on a mobile flow using

 final user = await _googleSignIn.signIn();
 final googleAuth = await user.authentication;

_supabase.client.signInProvider(GoogleProvider(accessToken: googleAuth.accessToken, 
                                               idToken: googleAuth.idToken));

Then we could simply call a function in the Supabase SDK that could handle this, for example:

Future<GotrueSessionResponse> signInProvider({required AuthProvider provider}) async {
  // Tokens come from the native provider SDK; idToken stays null for providers without one.
  String? accessToken, idToken;
  if (provider is GoogleProvider) {
    accessToken = provider.accessToken;
    idToken = provider.idToken;
  } else if (provider is Facebook) {
    accessToken = provider.accessToken;
  }
  final response = await api.signWithProvider(provider.provider, accessToken, idToken);
  return GotrueSessionResponse(error: response.error);
}

With that, Supabase shall support native auth instead of a web-focused auth system.

Describe alternatives you've considered

  • Current auth, which is almost broken on iOS because redirecting isn't working and the user has to manually click Done in Safari to return to the app.

Additional context

I would definitely like to help here if me jumping in gonna make this FR implemented faster.

Cheers.

@k0shk0sh k0shk0sh added the enhancement New feature or request label Jul 29, 2021
@dshukertjr
Member

Thanks for opening this issue. This is a heavily requested feature, and the team is well aware of it! Currently, we need this issue to be solved on the server side in order to implement this on the client side.

@SushilGhorasaini1
Contributor

Thanks for opening this issue. This is a heavily requested feature, and the team is well aware of it! Currently, we need this issue to be solved on the server side in order to implement this on the client side.

Hello, the mentioned issue seems to be solved, any update on native auth on mobile devices??

@bdlukaa
Contributor

bdlukaa commented Dec 13, 2021

@SushilGhorasaini1 we're waiting on supabase/auth-js#169

@bdlukaa bdlukaa added the blocked The issue or PR is blocked by another one label Dec 13, 2021
@DanMossa
Contributor

DanMossa commented Feb 27, 2022

What makes gotrue-dart reliant on gotrue-js?
@bdlukaa

It also looks like a PR has been successfully merged in already for that issue

@k0shk0sh
Author

k0shk0sh commented Mar 8, 2022

#61 still won't work unfortunately, as nonce doesn't exist in most JWTs on mobile. ex: google_sign_in id_token doesn't have nonce, so we will always receive errors from backend with missing nonce in id_token

@DanMossa
Contributor

DanMossa commented Mar 8, 2022

Hmm. I'll take a look!
Wow that's really annoying that they don't return nonce.
I actually have a little while before I need this feature and I don't have the bandwidth to implement it now. You can go ahead and start if you'd like

@k0shk0sh
Author

k0shk0sh commented Mar 9, 2022

Hmm. I'll take a look!
Wow that's really annoying that they don't return nonce.
I actually have a little while before I need this feature and I don't have the bandwidth to implement it now. You can go ahead and start if you'd like

This has to be changed in the backend and not on our end. Kang is informed & he created an issue for it in the backend repo; however, this won't be fixed until after April afaik.

@DanMossa
Contributor

DanMossa commented Mar 9, 2022

Ah I see. Do you happen to have a link to the issue?

@bdlukaa
Contributor

bdlukaa commented Mar 9, 2022

ex: google_sign_in id_token doesn't have nonce

we can generate our own nonce, like in https://firebase.flutter.dev/docs/auth/social#apple

@k0shk0sh
Author

k0shk0sh commented Mar 11, 2022

ex: google_sign_in id_token doesn't have nonce

we can generate our own nonce, like in https://firebase.flutter.dev/docs/auth/social#apple

Yes, you can, but how is the backend going to verify this nonce from the JWT token if it doesn't exist within?

Because that's how they do the verifying.

Simply, it won't work, and fingers crossed it's not 6 months of waiting.

@k0shk0sh
Author

supabase/auth#412

@DanMossa
Contributor

I made a PR to remove the requirement of nonce when it's not in the returned id_token

supabase/auth#430

@bdlukaa
Contributor

bdlukaa commented Mar 28, 2022

@DanMossa would that fix the google requirement?

@DanMossa
Contributor

It's kinda hard to tell if that's the only issue but I think it's the only thing stopping it right now.

There's no nonce embedded in some JWT tokens, and so that PR makes it so you don't need to send a nonce if and only if there's no nonce in the JWT
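
The rule discussed in the comments above (skip the nonce check only when the id_token has no nonce claim), sketched as a server-side check in Go. This is an added example, not code from supabase/auth or from any commenter; the hex SHA-256 nonce encoding, the function names and the unsigned sample tokens are assumptions constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)
var (
	ErrMalformed   = errors.New("malformed id_token")
	ErrNonceNeeded = errors.New("id_token has a nonce claim but no nonce was sent")
	ErrNonceBad    = errors.New("sent nonce does not match the id_token")
)
func hashNonce(raw string) string { // assumed encoding: hex SHA-256 of the raw nonce
	sum := sha256.Sum256([]byte(raw))
	return hex.EncodeToString(sum[:])
}
func CheckNonce(idToken, rawNonce string) error { // run after signature/iss/aud/exp checks
	parts := strings.Split(idToken, ".")
	if len(parts) != 3 {
		return ErrMalformed
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	var claims struct{ Nonce string `json:"nonce"` }
	if err != nil || json.Unmarshal(payload, &claims) != nil {
		return ErrMalformed
	}
	switch {
	case claims.Nonce == "" && rawNonce == "":
		return nil // no nonce in the token (e.g. google_sign_in): nothing to check
	case rawNonce == "":
		return ErrNonceNeeded // the token is bound to a nonce; never skip the check
	case subtle.ConstantTimeCompare([]byte(hashNonce(rawNonce)), []byte(claims.Nonce)) != 1:
		return ErrNonceBad // includes: nonce sent but the token has no nonce claim
	}
	return nil
}
func fakeToken(payload string) string { // constructed, unsigned demo token
	enc := base64.RawURLEncoding.EncodeToString
	return enc([]byte(`{"alg":"none"}`)) + "." + enc([]byte(payload)) + ".c2ln"
}
func main() {
	bound := fakeToken(`{"sub":"1","nonce":"` + hashNonce("constructed-nonce") + `"}`)
	fmt.Println(CheckNonce(fakeToken(`{"sub":"1"}`), ""), CheckNonce(bound, ""))
}
```

When the token carries no nonce claim it is not bound to a particular sign-in request, so the signature, audience and expiry validation that precede this check carry the whole decision.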

@k0shk0sh
Author

Can confirm @DanMossa's PR fixed the issue and now I can log in with Google.

@bdlukaa
Contributor

bdlukaa commented Apr 30, 2022

@k0shk0sh could you provide more info on how you did that?

@k0shk0sh
Author

k0shk0sh commented May 1, 2022

Below did the trick for me :).

You get onAuthenticated after successful signIn.

    final user = await _googleSignIn.signIn();
    final googleAuth = await user?.authentication;
    if (googleAuth?.idToken != null) {
      final result = await _supabase.client.auth.signIn(
        oidc: OpenIDConnectCredentials(
          nonce: '',
          idToken: googleAuth.idToken!,
          provider: Provider.google,
        ),
      );
      if (result.user != null) return result.user!;
    }

Same for apple signIn. Although I haven't tested it yet on iOS device, I bet it works.

@dshukertjr
Member

@k0shk0sh
If I'm not wrong, we should reopen this issue, correct?

#68 (comment)

@dshukertjr dshukertjr reopened this May 1, 2022
@bdlukaa
Contributor

bdlukaa commented May 2, 2022

supabase/supabase-flutter#5 is already tracking that

@bdlukaa bdlukaa closed this as completed May 2, 2022